| 250111 | 7.5 | HIGH Network | apache | hadoop | In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through H… | CWE-287 Improper Authentication | CVE-2018-11765 | 2024-11-21 12:43 | 2020-10-1 |
| 250112 | 5.4 | MEDIUM Adjacent | puppet | puppet_server | Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0. | CWE-295 Improper Certificate Validation | CVE-2018-11751 | 2024-11-21 12:43 | 2019-12-17 |
| 250113 | 7.5 | HIGH Network | apache | hadoop | In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-11768 | 2024-11-21 12:43 | 2019-10-4 |
| 250114 | 9.8 | CRITICAL Network | eventum_project | eventum | Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2. | CWE-502 Deserialization of Untrusted Data | CVE-2018-11569 | 2024-11-21 12:43 | 2019-09-6 |
| 250115 | 8.1 | HIGH Network | cloudera | cloudera_manager | Cloudera Manager through 5.15 has Incorrect Access Control. | CWE-284 Improper Access Control | CVE-2018-11744 | 2024-11-21 12:43 | 2019-07-11 |
| 250116 | 6.1 | MEDIUM Network | e107 | e107 | In e107 v2.1.7, output without filtering results in XSS. | CWE-79 Cross-site Scripting | CVE-2018-11734 | 2024-11-21 12:43 | 2019-07-11 |
| 250117 | 9.8 | CRITICAL Network | fasterxml redhat oracle | jackson-databind openshift_container_platform retail_customer_management_and_segmentation_foundation clusterware global_lifecycle_management_opatch utilities_advanced_spatial_and_opera… | An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11… | CWE-502 Deserialization of Untrusted Data | CVE-2018-11307 | 2024-11-21 12:43 | 2019-07-10 |
| 250118 | 4.6 | MEDIUM Network | otrs debian | otrs debian_linux | An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged… | NVD-CWE-noinfo | CVE-2018-11563 | 2024-11-21 12:43 | 2019-07-8 |
| 250119 | 9.8 | CRITICAL Network | flowpaper | flexpaper | The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php. | CWE-20 Improper Input Validation | CVE-2018-11686 | 2024-11-21 12:43 | 2019-07-4 |
| 250120 | 9.8 | CRITICAL Network | moxa | oncell_g3470a-lte-us_firmware oncell_g3470a-lte-us-t_firmware oncell_g3470a-lte-eu_firmware oncell_g3470a-lte-eu-t_firmware | Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-11425 | 2024-11-21 12:43 | 2019-07-4 |