Page 22 of 111 results (0.010 seconds)

CVSS: 7.1EPSS: 0%CPEs: 23EXPL: 0

CVE-2019-2534 – mysql: Server: Replication unspecified vulnerability (CPU Jan 2019)

https://notcve.org/view.php?id=CVE-2019-2534

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106619 https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://security.netapp.com/advisory/ntap-20190118-0002 https://usn.ubuntu.com/3867-1 https://access.redhat.com/security/cve/CVE-2019-2534 https://bugzilla.redhat.com/show_bug.cgi?id=1666760 •

CVSS: 4.9EPSS: 0%CPEs: 23EXPL: 0

CVE-2019-2531 – mysql: Server: Replication unspecified vulnerability (CPU Jan 2019)

https://notcve.org/view.php?id=CVE-2019-2531

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106619 https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://security.netapp.com/advisory/ntap-20190118-0002 https://usn.ubuntu.com/3867-1 https://access.redhat.com/security/cve/CVE-2019-2531 https://bugzilla.redhat.com/show_bug.cgi?id=1666757 •

CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0

CVE-2019-2436 – mysql: Server: Replication unspecified vulnerability (CPU Jan 2019)

https://notcve.org/view.php?id=CVE-2019-2436

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106625 https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://security.netapp.com/advisory/ntap-20190118-0002 https://access.redhat.com/security/cve/CVE-2019-2436 https://bugzilla.redhat.com/show_bug.cgi?id=1666741 •

CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0

CVE-2017-12613 – apr: Out-of-bounds array deref in apr_time_exp*() functions

https://notcve.org/view.php?id=CVE-2017-12613

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. Cuando las funciones apr_time_exp*() o apr_os_exp_time*() se invocan con un valor del campo no válido en Apache Portable Runtime APR 1.6.2 y anteriores, se podría acceder a la memoria fuera de límites convirtiendo este valor en un valor apr_time_exp_t, revelando potencialmente el contenido de otro valor de memoria dinámica estática. También podría desembocar en la terminación del programa, representando una vulnerabilidad de divulgación de información o de denegación de servicio en aplicaciones que llaman a esas funciones APR con entradas externas no validadas. An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. • http://www.apache.org/dist/apr/Announcement1.x.html http://www.openwall.com/lists/oss-security/2021/08/23/1 http://www.securityfocus.com/bid/101560 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2017:3270 https://access.redhat.com/errata/RHSA-2017:3475 https://access.redhat.com/errata/RHSA-2017:3476 https://access.redhat.com/errata/RHSA-2017:3477 https://access.redhat.com/errata/RHSA-2018:0316 https://access.redhat.com/errata/RHSA • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 87%CPEs: 10EXPL: 0

CVE-2016-0742 – nginx: invalid pointer dereference in resolver

https://notcve.org/view.php?id=CVE-2016-0742

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero no válido y caída del proceso trabajador) a través de una respuesta UDP DNS manipulada. It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html http://seclists.org/fulldisclosure/2021/Sep/36 http://www.debian.org/security/2016/dsa-3473 http://www.securitytracker.com/id/1034869 http://www.ubuntu.com/usn/USN-2892-1 https://access.redhat.com/errata/RHSA-2016:1425 https://bto.bluecoat.com/security-advisory/sa115 https://bugzilla.redhat.com/show_bug.cgi?id=1302587 https://security.gentoo • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •