Page 14 of 123 results (0.009 seconds)

CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0

CVE-2018-2839 – mysql: Server: DML unspecified vulnerability (CPU Apr 2018)

https://notcve.org/view.php?id=CVE-2018-2839

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103845 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2018:3655 https://security.netapp.com/advisory/ntap-20180419-0002 https://usn.ubuntu.com/3629-1 https://usn.ubuntu.com/3629-3 https://access.redhat.com/security/cve/CVE-2018-2839 https://bugzilla.redhat.com/show_bug.cgi?id=1568957 •

CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0

CVE-2018-2825 – Oracle Java MethodHandles setVolatile Type Confusion Sandbox Escape Vulnerability

https://notcve.org/view.php?id=CVE-2018-2825

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103782 http://www.securitytracker.com/id/1040697 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180419-0001 https://usn.ubuntu.com/3747-1 •

CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0

CVE-2018-2826 – Oracle Java MethodHandles tryFinally Type Confusion Sandbox Escape Vulnerability

https://notcve.org/view.php?id=CVE-2018-2826

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103796 http://www.securitytracker.com/id/1040697 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180419-0001 https://usn.ubuntu.com/3747-1 •

CVSS: 7.5EPSS: 5%CPEs: 16EXPL: 0

CVE-2016-10708 – openssh: Out of sequence NEWKEYS message can allow remote attacker to cause denial of service

https://notcve.org/view.php?id=CVE-2016-10708

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. sshd en OpenSSH, en versiones anteriores a la 7.4, permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del demonio) mediante un mensaje NEWKEYS fuera de secuencia, tal y como demuestra Honggfuzz, relacionado con kex.c y packet.c. • http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html http://www.securityfocus.com/bid/102780 https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737 https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10284 https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html https://security.netapp.com/advisory/ntap-20180423 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-11461

https://notcve.org/view.php?id=CVE-2017-11461

NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface. NetApp OnCommand Unified Manager para 7-mode (core package) en versiones anteriores a la 5.2.1 es susceptible al secuestro de clics o "UI redress attack", lo que se podría utilizar para provocar que un usuario realice una acción no planeada en la interfaz de usuario. • http://www.securityfocus.com/bid/101778 https://security.netapp.com/advisory/ntap-20171107-0001 • CWE-20: Improper Input Validation •