CVSS: 4.9EPSS: 0%CPEs: 23EXPL: 0CVE-2019-2510 – mysql: InnoDB unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2510
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106627 https://access.redhat.com/errata/RHSA-2019:1258 https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://access.redhat.com/errata/RHSA-2019:3708 https://security.gentoo.org/glsa/201908-24 https://security.netapp.com/advisory/ntap-20190118-0002 https://usn.ubuntu.com/3867-1 https://access.redhat.com/security/cve/CVE •
CVSS: 5.9EPSS: 0%CPEs: 47EXPL: 0CVE-2018-0735 – Timing attack against ECDSA signature generation
https://notcve.org/view.php?id=CVE-2018-0735
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Se ha demostrado que el algoritmo de firmas ECDSA en OpenSSL es vulnerable a un ataque de sincronización de canal lateral. • http://www.securityfocus.com/bid/105750 http://www.securitytracker.com/id/1041986 https://access.redhat.com/errata/RHSA-2019:3700 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4 https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html https://nodejs.org/en/blog/vulnerability/november-2018-security-releases https://security.netapp.com/advisor • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2018-3200 – mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
https://notcve.org/view.php?id=CVE-2018-3200
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105594 http://www.securitytracker.com/id/1041888 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://security.gentoo.org/glsa/201908-24 https://security.netapp.com/advisory/ntap-20181018-0002 https://usn.ubuntu.com/3799-1 https://access.redhat.com/security/cve/CVE-2018-3200 https://bugzilla.redhat.com/show_bug.cgi?id& •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-3171 – mysql: Server: Partition unspecified vulnerability (CPU Oct 2018)
https://notcve.org/view.php?id=CVE-2018-3171
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105594 http://www.securitytracker.com/id/1041888 https://access.redhat.com/errata/RHSA-2018:3655 https://security.netapp.com/advisory/ntap-20181018-0002 https://usn.ubuntu.com/3799-1 https://access.redhat.com/security/cve/CVE-2018-3171 https://bugzilla.redhat.com/show_bug.cgi?id=1640334 •
CVSS: 5.3EPSS: 0%CPEs: 21EXPL: 0CVE-2018-3174 – mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018)
https://notcve.org/view.php?id=CVE-2018-3174
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105612 http://www.securitytracker.com/id/1041888 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html https://security.gentoo.org/glsa/201908-24 https://security.netapp.com/advisory/ntap-20181018-0002 •