Page 48 of 1366 results (0.019 seconds)

CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP https://support.f5.com/csp/article/K58502649 https://access.redhat.com/security/cve/CVE-2019-2584 https •

CVSS: 4.9EPSS: 0%CPEs: 20EXPL: 0

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP https://support.f5.com/csp/article/K58502649 https://usn.ubuntu.com/3957-1 https://access.redhat •

CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. Mientras investigábamos el error PROTON-2014, descubrimos que en algunas circunstancias las versiones de Apache Qpid Proton 0.9 a 0.27.0 (librería de C y sus adaptaciones de lenguaje) pueden conectarse a un peer de forma anónima utilizando TLS *incluso cuando está configurado para verificar el certificado del peer* mientras se utiliza con versiones de OpenSSL anteriores a la 1.1.0. Esto significa que un ataque man in the middle podría ser construido si un atacante puede interceptar el tráfico TLS. A cryptographic weakness was discovered in qpid-proton's use of TLS. • http://www.openwall.com/lists/oss-security/2019/04/23/4 http://www.securityfocus.com/bid/108044 https://access.redhat.com/errata/RHSA-2019:0886 https://access.redhat.com/errata/RHSA-2019:1398 https://access.redhat.com/errata/RHSA-2019:1399 https://access.redhat.com/errata/RHSA-2019:1400 https://access.redhat.com/errata/RHSA-2019:2777 https://access.redhat.com/errata/RHSA-2019:2778 https://access.redhat.com/errata/RHSA-2019:2779 https://access.redhat.com/errata/ • CWE-300: Channel Accessible by Non-Endpoint •

CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. Las funciones tiff_document_render() y tiff_document_get_thumbnail() en el backend de documentos TIFF en GNOME Evince hasta las versiones 3.32.0 no manejaron errores de TIFFReadRGBAImageOriented(), lo que llevó a un uso de memoria no inicializado cuando se procesaron ciertos archivos de imagen TIFF. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html https://access.redhat.com/errata/RHSA-2019:3553 https://gitlab.gnome.org/GNOME/evince/issues/1129 https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject • CWE-125: Out-of-bounds Read CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-908: Use of Uninitialized Resource •

CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. FreeRADIUS versión anterior a 3.0.19 no maneja correctamente el mecanismo de protección "cada participante verifica que el escalar recibido está dentro de un rango, y que el elemento de grupo recibido es un punto válido en la curva que se está utilizando", alias "Dragonblood", este problema es similar a CVE-2019-9498 y CVE-2019-9499. A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html https://access.redhat.com/errata/RHSA-2019:1131 https://access.redhat.com/errata/RHSA-2019:1142 https://bugzilla.redhat.com/show_bug.cgi?id=1695748 https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19 https://freeradius.org/security https://papers.math • CWE-345: Insufficient Verification of Data Authenticity •