CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2017-18191 – openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host
https://notcve.org/view.php?id=CVE-2017-18191
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected. Se ha descubierto un problema en OpenStack Nova en versiones 15.x hasta la 15.1.0 y 16.x hasta la 16.1.1. • http://openwall.com/lists/oss-security/2018/04/20/3 http://www.securityfocus.com/bid/103104 https://access.redhat.com/errata/RHSA-2018:2332 https://access.redhat.com/errata/RHSA-2018:2714 https://access.redhat.com/errata/RHSA-2018:2855 https://launchpad.net/bugs/1739593 https://review.openstack.org/539893 https://security.openstack.org/ossa/OSSA-2018-001.html https://access.redhat.com/security/cve/CVE-2017-18191 https://bugzilla.redhat.com/show_bug.cgi?id=1546937 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2018-2622 – mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2622
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102706 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html https://lists. •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2018-2562 – mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2562
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102713 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0587 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html •
CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2018-2640 – mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2640
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102678 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html https://lists. •
CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2018-2668 – mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2668
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102682 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html https://lists. •