CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
801 CVE-2018-1339 835 2018-04-25 2019-10-03
4.3
None Remote Medium Not required None None Partial
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.
802 CVE-2018-1338 835 2018-04-25 2019-10-03
4.3
None Remote Medium Not required None None Partial
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.
803 CVE-2018-1335 2018-04-25 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
804 CVE-2018-1325 79 Exec Code XSS 2018-04-18 2019-06-12
4.3
None Remote Medium Not required None Partial None
In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display.
805 CVE-2018-1315 732 2018-04-05 2019-10-03
4.3
None Remote Medium Not required None Partial None
In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.
806 CVE-2018-1308 611 2018-04-09 2019-11-12
5.0
None Remote Low Not required Partial None None
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
807 CVE-2018-1295 502 2018-04-02 2019-03-05
7.5
None Remote Low Not required Partial Partial Partial
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components - discovery SPI, Ignite persistence, Memcached endpoint, socket steamer.
808 CVE-2018-1292 89 Sql 2018-04-20 2018-05-22
5.5
None Remote Low ??? Partial Partial None
Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter.
809 CVE-2018-1291 89 Sql 2018-04-20 2018-05-22
5.5
None Remote Low ??? Partial Partial None
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' query parameter by way of the "order" param in such a way to read/update the data for which he doesn't have authorization.
810 CVE-2018-1290 89 Sql 2018-04-20 2018-05-22
7.5
None Remote Low Not required Partial Partial Partial
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of MakercheckersApiResource Class.
811 CVE-2018-1289 89 Sql 2018-04-20 2018-05-22
6.5
None Remote Low ??? Partial Partial Partial
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' and 'sortOrder' query parameter in such a way to read/update the data for which he doesn't have authorization.
812 CVE-2018-1284 200 +Info 2018-04-05 2018-05-15
4.3
None Remote Medium Not required Partial None None
In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false.
813 CVE-2018-1282 89 Sql Bypass 2018-04-05 2018-05-15
7.5
None Remote Low Not required Partial Partial Partial
This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.
814 CVE-2018-1277 400 2018-04-30 2018-06-13
4.0
None Remote Low ??? None None Partial
Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell.
815 CVE-2018-1275 94 Exec Code 2018-04-11 2021-12-15
7.5
None Remote Low Not required Partial Partial Partial
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.
816 CVE-2018-1274 770 DoS 2018-04-18 2019-10-03
5.0
None Remote Low Not required None None Partial
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
817 CVE-2018-1273 20 Exec Code 2018-04-11 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
818 CVE-2018-1272 2018-04-06 2021-12-16
6.0
None Remote Medium ??? Partial Partial Partial
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
819 CVE-2018-1271 22 Dir. Trav. 2018-04-06 2021-12-15
4.3
None Remote Medium Not required Partial None None
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
820 CVE-2018-1270 94 Exec Code 2018-04-06 2022-04-06
7.5
None Remote Low Not required Partial Partial Partial
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
821 CVE-2018-1240 200 DoS +Info 2018-04-18 2019-10-03
2.7
None Local Network Low ??? Partial None None
Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.
822 CVE-2018-1217 2018-04-09 2019-10-03
5.0
None Remote Low Not required Partial None None
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials.
823 CVE-2018-1183 611 2018-04-30 2018-06-13
7.5
None Remote Low Not required Partial Partial Partial
In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service.
824 CVE-2018-1167 78 Exec Code 2018-04-19 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player 1.0.69.336. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5501.
825 CVE-2018-1146 2018-04-19 2019-10-03
5.0
None Remote Low Not required None Partial None
A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access.
826 CVE-2018-1145 119 Overflow 2018-04-19 2018-05-18
7.5
None Remote Low Not required Partial Partial Partial
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
827 CVE-2018-1144 78 Exec Code 2018-04-19 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
828 CVE-2018-1143 78 Exec Code 2018-04-19 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.
829 CVE-2018-1112 2018-04-25 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.
830 CVE-2018-1106 287 Bypass 2018-04-23 2019-10-09
2.1
None Local Low Not required None Partial None
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
831 CVE-2018-1102 22 Dir. Trav. 2018-04-30 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
832 CVE-2018-1100 787 Exec Code Overflow 2018-04-11 2020-12-01
7.2
None Local Low Not required Complete Complete Complete
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.
833 CVE-2018-1099 20 2018-04-03 2019-05-06
2.1
None Local Low Not required None Partial None
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
834 CVE-2018-1098 352 CSRF 2018-04-03 2019-05-06
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.
835 CVE-2018-1097 200 +Info 2018-04-04 2019-10-09
4.0
None Remote Low ??? Partial None None
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
836 CVE-2018-1096 89 Sql 2018-04-05 2019-10-09
4.0
None Remote Low ??? Partial None None
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
837 CVE-2018-1095 476 DoS 2018-04-02 2018-10-31
7.1
None Remote Medium Not required None None Complete
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.
838 CVE-2018-1094 476 DoS 2018-04-02 2020-11-09
7.1
None Remote Medium Not required None None Complete
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
839 CVE-2018-1093 125 DoS 2018-04-02 2018-08-29
7.1
None Remote Medium Not required None None Complete
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
840 CVE-2018-1092 476 DoS 2018-04-02 2018-10-31
7.1
None Remote Medium Not required None None Complete
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
841 CVE-2018-1088 266 2018-04-18 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
842 CVE-2018-1086 200 Bypass +Info 2018-04-12 2019-10-09
5.0
None Remote Low Not required Partial None None
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
843 CVE-2018-1084 190 Overflow 2018-04-12 2021-07-03
7.5
None Remote Low Not required Partial Partial Partial
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
844 CVE-2018-1082 287 2018-04-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.
845 CVE-2018-1081 2018-04-04 2020-08-28
5.0
None Remote Low Not required None Partial None
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.
846 CVE-2018-1079 22 Dir. Trav. 2018-04-12 2019-10-09
4.0
None Remote Low ??? None Partial None
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
847 CVE-2018-1074 522 2018-04-26 2019-11-06
4.0
None Remote Low ??? Partial None None
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
848 CVE-2018-1059 200 +Info 2018-04-24 2021-08-04
2.9
None Local Network Medium Not required Partial None None
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
849 CVE-2018-1038 2018-04-02 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability."
850 CVE-2018-1037 908 2018-04-12 2021-08-12
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
Total number of vulnerabilities : 1672   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 (This Page)18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.