CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1CVE-2019-7310 – poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc
https://notcve.org/view.php?id=CVE-2019-7310
03 Feb 2019 — In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. En la versión 0.73.0 de Poppler, una sobrelectura de búfer (debido a un error en la propiedad signedness de un número entero en la función XRef::getEntry function en XRef.cc) basada en memoria dinámica (heap) p... • http://www.securityfocus.com/bid/106829 • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 6.1EPSS: 1%CPEs: 29EXPL: 0CVE-2018-18506 – Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied
https://notcve.org/view.php?id=CVE-2018-18506
31 Jan 2019 — When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 1CVE-2019-7150 – elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c
https://notcve.org/view.php?id=CVE-2019-7150
29 Jan 2019 — An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. Se ha descubierto un problema en la versión 0.175 de elfutils. Podría ocurrir un fallo de segmentación en la función elf64_xlatetom en libelf/elf32_xlatetom.c, debido a que ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html • CWE-125: Out-of-bounds Read •
CVSS: 4.9EPSS: 0%CPEs: 22EXPL: 0CVE-2019-2420 – mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2420
16 Jan 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts)... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2019-2434 – mysql: Server: Parser unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2434
16 Jan 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2019-2436 – mysql: Server: Replication unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2436
16 Jan 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 6.5EPSS: 0%CPEs: 28EXPL: 0CVE-2019-2455 – mysql: Server: Parser unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2455
16 Jan 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availab... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 6.4EPSS: 0%CPEs: 32EXPL: 0CVE-2019-2503 – mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2503
16 Jan 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete acce... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 4.9EPSS: 0%CPEs: 23EXPL: 0CVE-2019-2510 – mysql: InnoDB unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2510
16 Jan 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 6.5EPSS: 0%CPEs: 33EXPL: 0CVE-2019-2529 – mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2529
16 Jan 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Avai... • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •