CVSS: 4.4EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2771 – mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2771
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Ava... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 4.9EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2781 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2781
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Ava... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2018-2813 – mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2813
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 6.5EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2819 – mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2819
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability im... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2018-6797 – perl: heap write overflow in regcomp.c
https://notcve.org/view.php?id=CVE-2018-6797
16 Apr 2018 — An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. Se ha descubierto un problema en Perl 5.26. Una expresión regular manipulada puede provocar un desbordamiento de búfer basado en memoria dinámica (heap), con control sobre los bytes que se escriben. A heap buffer write overflow, with control over the bytes written, was found in the way regular expressions employing Unicode rules are compiled. • http://www.securitytracker.com/id/1040681 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1086 – pcs: Debug parameter removal bypass, allowing information disclosure
https://notcve.org/view.php?id=CVE-2018-1086
11 Apr 2018 — pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege. pcs, en versiones anteriores a la 0.9.164 y 0.10, es vulnerable a una omisión de eliminación de un parámetro de depuración. La interfaz REST del servicio pcsd no eliminó correctamente el ar... • https://access.redhat.com/errata/RHSA-2018:1060 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 42%CPEs: 29EXPL: 1CVE-2018-1000156 – patch: Malicious patch files cause ed to execute arbitrary commands
https://notcve.org/view.php?id=CVE-2018-1000156
06 Apr 2018 — GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. La versión 2.7.6 de GNU Patch contiene una vulnerabilidad de validación de entradas al procesar archivos patch; espe... • https://packetstorm.news/files/id/154124 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 2%CPEs: 16EXPL: 0CVE-2018-6914 – ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
https://notcve.org/view.php?id=CVE-2018-6914
30 Mar 2018 — Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. Vulnerabilidad de salto de directorio en el método Dir.mktmpdir en la biblioteca tmpdir en Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 0CVE-2018-8777 – ruby: DoS by large request in WEBrick
https://notcve.org/view.php?id=CVE-2018-8777
30 Mar 2018 — In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, un atacante puede pasar una petición HTT... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-8778 – ruby: Buffer under-read in String#unpack
https://notcve.org/view.php?id=CVE-2018-8778
30 Mar 2018 — In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, un atac... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-134: Use of Externally-Controlled Format String •