Page 41 of 1047 results (0.079 seconds)

CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0

CVE-2019-2580 – mysql: InnoDB unspecified vulnerability (CPU Apr 2019)

https://notcve.org/view.php?id=CVE-2019-2580

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP https://support.f5.com/csp/article/K58502649 https://access.redhat.com/security/cve/CVE-2019-2580 https •

CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0

CVE-2019-2584 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)

https://notcve.org/view.php?id=CVE-2019-2584

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP https://support.f5.com/csp/article/K58502649 https://access.redhat.com/security/cve/CVE-2019-2584 https •

CVSS: 4.9EPSS: 0%CPEs: 20EXPL: 0

CVE-2019-2581 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2019)

https://notcve.org/view.php?id=CVE-2019-2581

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP https://support.f5.com/csp/article/K58502649 https://usn.ubuntu.com/3957-1 https://access.redhat •

CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0

CVE-2019-0223 – qpid-proton: TLS Man in the Middle Vulnerability

https://notcve.org/view.php?id=CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. Mientras investigábamos el error PROTON-2014, descubrimos que en algunas circunstancias las versiones de Apache Qpid Proton 0.9 a 0.27.0 (librería de C y sus adaptaciones de lenguaje) pueden conectarse a un peer de forma anónima utilizando TLS *incluso cuando está configurado para verificar el certificado del peer* mientras se utiliza con versiones de OpenSSL anteriores a la 1.1.0. Esto significa que un ataque man in the middle podría ser construido si un atacante puede interceptar el tráfico TLS. A cryptographic weakness was discovered in qpid-proton's use of TLS. • http://www.openwall.com/lists/oss-security/2019/04/23/4 http://www.securityfocus.com/bid/108044 https://access.redhat.com/errata/RHSA-2019:0886 https://access.redhat.com/errata/RHSA-2019:1398 https://access.redhat.com/errata/RHSA-2019:1399 https://access.redhat.com/errata/RHSA-2019:1400 https://access.redhat.com/errata/RHSA-2019:2777 https://access.redhat.com/errata/RHSA-2019:2778 https://access.redhat.com/errata/RHSA-2019:2779 https://access.redhat.com/errata/ • CWE-300: Channel Accessible by Non-Endpoint •

CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0

CVE-2019-11459 – evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()

https://notcve.org/view.php?id=CVE-2019-11459

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. Las funciones tiff_document_render() y tiff_document_get_thumbnail() en el backend de documentos TIFF en GNOME Evince hasta las versiones 3.32.0 no manejaron errores de TIFFReadRGBAImageOriented(), lo que llevó a un uso de memoria no inicializado cuando se procesaron ciertos archivos de imagen TIFF. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html https://access.redhat.com/errata/RHSA-2019:3553 https://gitlab.gnome.org/GNOME/evince/issues/1129 https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject • CWE-125: Out-of-bounds Read CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-908: Use of Uninitialized Resource •