|
247221
|
3.7 |
LOW
Network
|
apache
|
hive
|
In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content …
|
CWE-200
Information Exposure
|
CVE-2018-1284
|
2024-11-21 12:59 |
2018-04-5 |
|
247222
|
9.1 |
CRITICAL
Network
|
apache
|
hive
|
This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implement…
|
CWE-89
SQL Injection
|
CVE-2018-1282
|
2024-11-21 12:59 |
2018-04-5 |
|
247223
|
8.8 |
HIGH
Network
|
theforeman redhat
|
foreman satellite
|
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute…
|
-
|
CVE-2018-1097
|
2024-11-21 12:59 |
2018-04-5 |
|
247224
|
8.1 |
HIGH
Network
|
moodle
|
moodle
|
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.
|
CWE-287
Improper Authentication
|
CVE-2018-1082
|
2024-11-21 12:59 |
2018-04-5 |
|
247225
|
5.3 |
MEDIUM
Network
|
moodle
|
moodle
|
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script…
|
NVD-CWE-noinfo
|
CVE-2018-1081
|
2024-11-21 12:59 |
2018-04-5 |
|
247226
|
9.8 |
CRITICAL
Network
|
ibm
|
api_connect
|
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.
|
NVD-CWE-noinfo
|
CVE-2018-1469
|
2024-11-21 12:59 |
2018-04-5 |
|
247227
|
8.1 |
HIGH
Network
|
ibm
|
spectrum_protect_for_virtual_environments spectrum_protect_for_space_management spectrum_protect_snapshot
|
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of …
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2018-1447
|
2024-11-21 12:59 |
2018-04-5 |
|
247228
|
7.1 |
HIGH
Network
|
ibm
|
datapower_gateway
|
IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vu…
|
CWE-611
XXE
|
CVE-2018-1421
|
2024-11-21 12:59 |
2018-04-5 |
|
247229
|
5.5 |
MEDIUM
Local
|
redhat fedoraproject
|
etcd fedora
|
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other add…
|
CWE-20
Improper Input Validation
|
CVE-2018-1099
|
2024-11-21 12:59 |
2018-04-4 |
|
247230
|
8.8 |
HIGH
Network
|
redhat fedoraproject
|
etcd fedora
|
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done wit…
|
-
|
CVE-2018-1098
|
2024-11-21 12:59 |
2018-04-4 |