Total
30376 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1411 | 1 Ibm | 2 Client Application Access, Notes | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710. | |||||
| CVE-2018-1410 | 1 Ibm | 2 Client Application Access, Notes | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709. | |||||
| CVE-2018-1409 | 1 Ibm | 2 Client Application Access, Notes | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708. | |||||
| CVE-2018-1391 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. IBM X-Force ID: 138376. | |||||
| CVE-2018-1389 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213. | |||||
| CVE-2018-1383 | 1 Ibm | 1 Aix | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117. | |||||
| CVE-2018-1371 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. IBM X-Force ID: 137771. | |||||
| CVE-2018-1366 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452. | |||||
| CVE-2018-1362 | 1 Ibm | 1 Curam Social Program Management | 2024-11-21 | 6.0 MEDIUM | 5.0 MEDIUM |
| IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380. | |||||
| CVE-2018-1348 | 1 Netiq | 1 Identity Manager | 2024-11-21 | 5.8 MEDIUM | 5.3 MEDIUM |
| NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack. | |||||
| CVE-2018-1346 | 1 Netiq | 1 Edirectory | 2024-11-21 | 5.0 MEDIUM | 3.1 LOW |
| Addresses denial of service attack to eDirectory versions prior to 9.1. | |||||
| CVE-2018-1345 | 1 Netiq | 1 Imanager | 2024-11-21 | 6.5 MEDIUM | 5.9 MEDIUM |
| NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack. | |||||
| CVE-2018-1344 | 1 Netiq | 1 Imanager | 2024-11-21 | 5.0 MEDIUM | 3.1 LOW |
| Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1 | |||||
| CVE-2018-1335 | 1 Apache | 1 Tika | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18. | |||||
| CVE-2018-1331 | 1 Apache | 1 Storm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user. | |||||
| CVE-2018-1327 | 1 Apache | 1 Struts | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16. | |||||
| CVE-2018-1313 | 2 Apache, Oracle | 2 Derby, Weblogic Server | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work. | |||||
| CVE-2018-1305 | 4 Apache, Canonical, Debian and 1 more | 6 Tomcat, Ubuntu Linux, Debian Linux and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. | |||||
| CVE-2018-1304 | 5 Apache, Canonical, Debian and 2 more | 11 Tomcat, Ubuntu Linux, Debian Linux and 8 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. | |||||
| CVE-2018-1288 | 3 Apache, Oracle, Redhat | 5 Kafka, Database, Primavera P6 Enterprise Project Portfolio Management and 2 more | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. | |||||