CVSS: 6.5EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2819 – mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2819
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability im... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 7.7EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2755 – mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2755
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impa... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 5.9EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2761 – mysql: Client programs unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2761
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Ava... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 4.4EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2771 – mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2771
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Ava... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 4.9EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2781 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2781
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Ava... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 5.3EPSS: 0%CPEs: 28EXPL: 0CVE-2018-2799 – OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993)
https://notcve.org/view.php?id=CVE-2018-2799
19 Apr 2018 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Jav... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 44%CPEs: 29EXPL: 1CVE-2018-1000156 – patch: Malicious patch files cause ed to execute arbitrary commands
https://notcve.org/view.php?id=CVE-2018-1000156
06 Apr 2018 — GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. La versión 2.7.6 de GNU Patch contiene una vulnerabilidad de validación de entradas al procesar archivos patch; espe... • https://packetstorm.news/files/id/154124 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-7566 – kernel: race condition in snd_seq_write() may lead to UAF or OOB-access
https://notcve.org/view.php?id=CVE-2018-7566
30 Mar 2018 — The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. El kernel de Linux 4.15 tiene un desbordamiento de búfer mediante una operación de escritura ioctl SNDRV_SEQ_IOCTL_SET_CLIENT_POOL en /dev/snd/seq por un usuario local. ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, ... • http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 5%CPEs: 39EXPL: 0CVE-2018-1312 – httpd: Weak Digest auth nonce generation in mod_auth_digest
https://notcve.org/view.php?id=CVE-2018-1312
26 Mar 2018 — In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. En Apache httpd, en versiones desde la 2.2.0 hasta la 2.4.29, cuando se genera un desafío de autenticación HTTP Digest, el nonce enviado para evitar ataques replay no se... • http://www.openwall.com/lists/oss-security/2018/03/24/7 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 9.8EPSS: 38%CPEs: 25EXPL: 4CVE-2018-1000140 – librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c
https://notcve.org/view.php?id=CVE-2018-1000140
23 Mar 2018 — rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. rsyslog librelp en versiones 1.2.14 y anteriores contiene una vulnerabilidad de desbordamiento de búfer en la verificación de certificados x509 desde un peer que puede r... • https://packetstorm.news/files/id/172829 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •