CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2482 – mysql: Server: PS unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2482
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106619 https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://security.netapp.com/advisory/ntap-20190118-0002 https://usn.ubuntu.com/3867-1 https://access.redhat.com/security/cve/CVE-2019-2482 https://bugzilla.redhat.com/show_bug.cgi?id=1666744 •
CVSS: 5.9EPSS: 0%CPEs: 47EXPL: 0CVE-2018-0735 – Timing attack against ECDSA signature generation
https://notcve.org/view.php?id=CVE-2018-0735
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Se ha demostrado que el algoritmo de firmas ECDSA en OpenSSL es vulnerable a un ataque de sincronización de canal lateral. • http://www.securityfocus.com/bid/105750 http://www.securitytracker.com/id/1041986 https://access.redhat.com/errata/RHSA-2019:3700 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4 https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html https://nodejs.org/en/blog/vulnerability/november-2018-security-releases https://security.netapp.com/advisor • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 0CVE-2018-3278 – mysql: Server: RBR unspecified vulnerability (CPU Oct 2018)
https://notcve.org/view.php?id=CVE-2018-3278
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105600 http://www.securitytracker.com/id/1041888 https://access.redhat.com/errata/RHSA-2018:3655 https://security.netapp.com/advisory/ntap-20181018-0002 https://usn.ubuntu.com/3799-1 https://access.redhat.com/security/cve/CVE-2018-3278 https://bugzilla.redhat.com/show_bug.cgi?id=1640320 •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2018-3144 – mysql: Server: Security: Audit unspecified vulnerability (CPU Oct 2018)
https://notcve.org/view.php?id=CVE-2018-3144
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105594 http://www.securitytracker.com/id/1041888 https://access.redhat.com/errata/RHSA-2018:3655 https://security.netapp.com/advisory/ntap-20181018-0002 https://usn.ubuntu.com/3799-1 https://access.redhat.com/security/cve/CVE-2018-3144 https://bugzilla.redhat.com/show_bug.cgi?id=1640326 •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-3247 – mysql: Server: Merge unspecified vulnerability (CPU Oct 2018)
https://notcve.org/view.php?id=CVE-2018-3247
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105600 http://www.securitytracker.com/id/1041888 https://access.redhat.com/errata/RHSA-2018:3655 https://security.netapp.com/advisory/ntap-20181018-0002 https://usn.ubuntu.com/3799-1 https://access.redhat.com/security/cve/CVE-2018-3247 https://bugzilla.redhat.com/show_bug.cgi?id=1640317 •