CVSS: 9.8EPSS: 7%CPEs: 52EXPL: 1CVE-2019-14540 – jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
https://notcve.org/view.php?id=CVE-2019-14540
15 Sep 2019 — A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. Se detectó un problema de escritura polimórfica en FasterXML jackson-databind versiones anteriores a 2.9.10. Está relacionado con com.zaxxer.hikari.HikariConfig. Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving pla... • https://github.com/LeadroyaL/cve-2019-14540-exploit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14939
https://notcve.org/view.php?id=CVE-2019-14939
12 Aug 2019 — An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. Se detectó un problema en el módulo mysql (también conocido como mysqljs) versión 2.17.1, para Node.js. La opción LOAD DATA LOCAL INFILE está abierta por defecto. • https://github.com/mysqljs/mysql/issues/2257 •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2019-3800 – CF CLI writes the client id and secret to config file
https://notcve.org/view.php?id=CVE-2019-3800
05 Aug 2019 — CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. La CLI de CF anterior a versión v6.45.0 (versión de lanzamiento bosh 1.16.0), escribe el id y el secreto del cliente hacia su archivo de configuración cuando el usuario se autentica con el flag --... • https://pivotal.io/security/cve-2019-3800 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2019-2819 – mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2819
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 4.2EPSS: 0%CPEs: 17EXPL: 0CVE-2019-2797 – mysql: Client programs unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2797
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS)... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2019-2805 – mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2805
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availab... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2791
https://notcve.org/view.php?id=CVE-2019-2791
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL ... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 4.9EPSS: 0%CPEs: 19EXPL: 0CVE-2019-2774 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2774
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts)... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2019-2778 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2778
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial ... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 4.9EPSS: 0%CPEs: 16EXPL: 0CVE-2019-2755 – mysql: Server: Replication unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2755
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impact... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •