CVSS: 4.3EPSS: 0%CPEs: 46EXPL: 0CVE-2018-2952 – OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
https://notcve.org/view.php?id=CVE-2018-2952
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104765 http://www.securitytracker.com/id/1041302 https://access.redhat.com/errata/RHSA-2018:2241 https://access.redhat.com/errata/RHSA-2018:2242 https://access.redhat.com/errata/RHSA-2018:2253 https://access.redhat.com/errata/RHSA-2018:2254 https://access.redhat.com/errata/RHSA-2018:2255 https://access.redhat.com/errata/RHSA-2018:2256 https://access.redhat.com/errata/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0CVE-2018-3064 – mysql: InnoDB unspecified vulnerability (CPU Jul 2018)
https://notcve.org/view.php?id=CVE-2018-3064
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104776 http://www.securitytracker.com/id/1041294 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html https://security.netapp.com/advisory/ntap-20180726-0002 https://usn.ubuntu.com/3725-1 https://www.debian.org/security/2018/dsa-4341 https://access.redhat.com/ •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2018-3077 – mysql: Server: DDL unspecified vulnerability (CPU Jul 2018)
https://notcve.org/view.php?id=CVE-2018-3077
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104769 http://www.securitytracker.com/id/1041294 https://access.redhat.com/errata/RHSA-2018:3655 https://security.netapp.com/advisory/ntap-20180726-0002 https://usn.ubuntu.com/3725-1 https://access.redhat.com/security/cve/CVE-2018-3077 https://bugzilla.redhat.com/show_bug.cgi?id=1602375 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-3065 – mysql: Server: DML unspecified vulnerability (CPU Jul 2018)
https://notcve.org/view.php?id=CVE-2018-3065
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104769 http://www.securitytracker.com/id/1041294 https://access.redhat.com/errata/RHSA-2018:3655 https://security.netapp.com/advisory/ntap-20180726-0002 https://usn.ubuntu.com/3725-1 https://access.redhat.com/security/cve/CVE-2018-3065 https://bugzilla.redhat.com/show_bug.cgi?id=1602365 •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 0CVE-2018-14354 – mutt: Remote code injection vulnerability to an IMAP mailbox
https://notcve.org/view.php?id=CVE-2018-14354
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. Permiten que los servidores IMAP remotos ejecuten comandos arbitrarios mediante caracteres de acento grave; esto esto está relacionado con el comando mailboxes asociado con una suscripción o una baja manuales. • http://www.mutt.org/news.html http://www.securityfocus.com/bid/104925 https://access.redhat.com/errata/RHSA-2018:2526 https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html https://neomutt.org/2018/07/16/release https://security.gentoo.org/glsa/201810-07 https://usn.ubuntu.com/3719-1 https://usn.ubuntu.com/3719-2 h • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •