CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2019-11884 – kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
https://notcve.org/view.php?id=CVE-2019-11884
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. La función do_hidp_sock_ioctl en net/bluetooth/hidp/sock.c en el kernel de Linux, versiones anteriores a 5.0.15, permite a un usuario local obtener información potencialmente sensible de la memoria de la pila del kernel a través de un comando HIDPCONNNADD, ya que un campo de nombre puede no terminar con un carácter ` \0'. A flaw was found in the Linux kernel's implementation of the Bluetooth Human Interface Device Protocol (HIDP). A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c.c. This function can leak potentially sensitive information from the kernel stack memory via a HIDPCONNADD command because a name field may not be correctly NULL terminated. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://www.securityfocus.com/bid/108299 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2020:0740 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.15 https://g • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 19EXPL: 0CVE-2019-2683 – mysql: Server: Options unspecified vulnerability (CPU Apr 2019)
https://notcve.org/view.php?id=CVE-2019-2683
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://support.f5.com/csp/article/K28312671 https://usn.ubuntu.com/3957-1 https://access.redhat.com/security/cve/CVE-2019-2683 https://bugzilla.redhat.com/show_bug.cgi?id=1702985 •
CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2019-2685 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2019)
https://notcve.org/view.php?id=CVE-2019-2685
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://support.f5.com/csp/article/K28312671 https://access.redhat.com/security/cve/CVE-2019-2685 https://bugzilla.redhat.com/show_bug.cgi?id=1702986 •
CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2019-2686 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2019)
https://notcve.org/view.php?id=CVE-2019-2686
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://support.f5.com/csp/article/K28312671 https://access.redhat.com/security/cve/CVE-2019-2686 https://bugzilla.redhat.com/show_bug.cgi?id=1702987 •
CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2019-2687 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2019)
https://notcve.org/view.php?id=CVE-2019-2687
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://support.f5.com/csp/article/K28312671 https://access.redhat.com/security/cve/CVE-2019-2687 https://bugzilla.redhat.com/show_bug.cgi?id=1702989 •