CVSS: 8.8EPSS: 0%CPEs: 81EXPL: 0CVE-2018-1258 – spring-security-core: Unauthorized Access with Spring Security Method Security
https://notcve.org/view.php?id=CVE-2018-1258
11 May 2018 — Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. La versión 5.0.5 de Spring Framework, cuando se utiliza en combinación con cualquier versión de Spring Security, contiene un omisión de autorización cuando se utiliza la seguridad del método. Un usuario malicioso no autorizado puede obtener acceso no autorizad... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVSS: 4.7EPSS: 0%CPEs: 13EXPL: 0CVE-2018-10545 – php: Dumpable FPM child processes allow bypassing opcache access controls
https://notcve.org/view.php?id=CVE-2018-10545
29 Apr 2018 — An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. Se ha descubierto un problema en PHP en versiones anteriores a la 05/06/1935, ... • http://php.net/ChangeLog-5.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 58%CPEs: 11EXPL: 1CVE-2018-10546 – php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service
https://notcve.org/view.php?id=CVE-2018-10546
29 Apr 2018 — An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 7.1.17 y versiones 7.2.x anteriores a la 7.2.5. Existe un bucle infinito en ext/iconv/iconv.c debido a que el filtro de transmisione... • https://github.com/dsfau/CVE-2018-10546 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.1EPSS: 29%CPEs: 13EXPL: 0CVE-2018-10547 – php: Reflected XSS vulnerability on PHAR 403 and 404 error pages
https://notcve.org/view.php?id=CVE-2018-10547
29 Apr 2018 — An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. Se ha descubierto un problema en ext/phar/phar_object.c en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 7.1.17 y versio... • http://php.net/ChangeLog-5.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 65%CPEs: 13EXPL: 0CVE-2018-10548 – php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply
https://notcve.org/view.php?id=CVE-2018-10548
29 Apr 2018 — An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 07.1.17 y versiones 7.2.x anteriores a la 7.2.5. ext/ldap/ldap.c permite que ... • http://php.net/ChangeLog-5.php • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 4%CPEs: 10EXPL: 0CVE-2018-10549 – php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data
https://notcve.org/view.php?id=CVE-2018-10549
29 Apr 2018 — An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 7.1.17 y versiones 7.2.x anteriores a la 7.2.5. exif_read_data en ext/exif/... • http://php.net/ChangeLog-5.php • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2018-2812 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2812
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of M... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2018-2813 – mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2813
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0CVE-2018-2816 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2816
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 4.9EPSS: 0%CPEs: 16EXPL: 0CVE-2018-2818 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2818
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base S... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •