CVSS: 9.1EPSS: 13%CPEs: 15EXPL: 24CVE-2018-10933 – libSSH - Authentication Bypass
https://notcve.org/view.php?id=CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. Se ha detectado una vulnerabilidad en la máquina de estado del lado del servidor de libssh en versiones anteriores a la 0.7.6 y 0.8.4. Un cliente malicioso podría crear canales sin realizar antes la autenticación, lo que resulta en un acceso no autorizado. libSSH suffers from an authentication bypass vulnerability. • https://www.exploit-db.com/exploits/45638 https://www.exploit-db.com/exploits/46307 https://github.com/blacknbunny/CVE-2018-10933 https://github.com/SoledaD208/CVE-2018-10933 https://github.com/jas502n/CVE-2018-10933 https://github.com/Virgula0/POC-CVE-2018-10933 https://github.com/shifa123/pythonprojects-CVE-2018-10933 https://github.com/kn6869610/CVE-2018-10933 https://github.com/xFreed0m/CVE-2018-10933 https://github.com/r3dxpl0it/CVE-2018-10933 https://github.com&#x • CWE-287: Improper Authentication CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-3195
https://notcve.org/view.php?id=CVE-2018-3195
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105607 http://www.securitytracker.com/id/1041888 https://security.netapp.com/advisory/ntap-20181018-0002 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-3137
https://notcve.org/view.php?id=CVE-2018-3137
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105607 http://www.securitytracker.com/id/1041888 https://security.netapp.com/advisory/ntap-20181018-0002 •
CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2018-3162 – mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
https://notcve.org/view.php?id=CVE-2018-3162
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105594 http://www.securitytracker.com/id/1041888 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://security.gentoo.org/glsa/201908-24 https://security.netapp.com/advisory/ntap-20181018-0002 https://usn.ubuntu.com/3799-1 https://access.redhat.com/security/cve/CVE-2018-3162 https://bugzilla.redhat.com/show_bug.cgi?id& •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2018-3133 – mysql: Server: Parser unspecified vulnerability (CPU Oct 2018)
https://notcve.org/view.php?id=CVE-2018-3133
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105610 http://www.securitytracker.com/id/1041888 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html https://security.netapp.com/advisory/ntap-20181018-0002 https://usn.ubuntu.com/3799-1 https://usn.ubuntu.com/3799-2 https://access.redhat.com/security/cve/CV •