CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2019-2436 – mysql: Server: Replication unspecified vulnerability (CPU Jan 2019)
https://notcve.org/view.php?id=CVE-2019-2436
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106625 https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://security.netapp.com/advisory/ntap-20190118-0002 https://access.redhat.com/security/cve/CVE-2019-2436 https://bugzilla.redhat.com/show_bug.cgi?id=1666741 •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7887
https://notcve.org/view.php?id=CVE-2015-7887
NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. NetApp SnapCenter Server 1.0 permite que usuarios remotos autenticados enumeren y eliminen copias de seguridad. • http://www.securityfocus.com/bid/77315 https://kb.netapp.com/support/s/article/ka51A00000007EnQAI/authentication-bypass-vulnerability-in-snapcenter-server-1-0?language=en_US • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 87%CPEs: 174EXPL: 1CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se deserializa, puede ejecutar código arbitrario. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. • https://github.com/pimps/CVE-2017-5645 http://www.openwall.com/lists/oss-security/2019/12/19/2 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/97702 http://www.securitytracker.com/id/1040200 http://www.securit • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1502
https://notcve.org/view.php?id=CVE-2016-1502
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. NetApp SnapCenter Server 1.0 y 1.0P1 permite a atacantes remotos eludir parcialmente la autenticación y luego listar y eliminar copias de seguridad a través de vectores no especificados. • https://kb.netapp.com/support/s/article/authentication-bypass-vulnerability-in-snapcenter-server-1-0-1-0p1 • CWE-287: Improper Authentication •