Page 54 of 2001 results (0.010 seconds)

CVSS: 6.4EPSS: 0%CPEs: 32EXPL: 0

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106626 https://access.redhat.com/errata/RHSA-2019:1258 https://access.redhat.com/errata/RHSA-2019:2327 https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://security.netapp.com/advisory/ntap-20190118-0002 https://usn.ubuntu.com/3867-1 https://access.redhat.com/security/cve/CVE-2019-2503 https://bugzilla.redhat.com/show& •

CVSS: 5.9EPSS: 88%CPEs: 17EXPL: 0

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106597 https://access.redhat.com/errata/RHSA-2019:0469 https://access.redhat.com/errata/RHSA-2019:0472 https://access.redhat.com/errata/RHSA-2019:0640 https://access.redhat.com/errata/RHSA-2019:1238 https://security.netapp.com/advisory/ntap-20190118-0001 https://access.redhat.com/security/cve/CVE-2019-2449 https://bugzilla.redhat.com/show_bug.cgi?id=1685601 •

CVSS: 8.1EPSS: 1%CPEs: 6EXPL: 0

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. etcd, en sus versiones 3.2.x anteriores a la 3.2.26 y versiones 3.3.x anteriores a la 3.3.11, es vulnerable a una autorización incorrecta cuando se emplea un control de acceso basado en roles (RBAC) y client-cert-auth se encuentra habilitado. Si un certificado TLS del servidor etcd del cliente contiene un "Common Name" (CN) que coincide con un nombre de usuario RBAC válido, un atacante remoto podría autenticarse como dicho usuario con cualquier certificado (confiable) del cliente en una petición REST API en gRPC-gateway. Etcd, versions 3.2.0 through 3.2.25 and 3.3.0 through 3.3.10, are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server's TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. • http://www.securityfocus.com/bid/106540 https://access.redhat.com/errata/RHSA-2019:0237 https://access.redhat.com/errata/RHSA-2019:1352 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886 https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-287: Improper Authentication •

CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. En PolicyKit (también conocido como polkit) 0.115, el mecanismo de protección "start time" puede omitirse debido a que fork() no es atómico y, por lo tanto, las decisiones de autorización se cachean incorrectamente. Esto está relacionado con la falta de comprobación de uid en polkitbackend/polkitbackendinteractiveauthority.c. A vulnerability was found in polkit. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html http://www.securityfocus.com/bid/106537 https://access.redhat.com/errata/RHSA-2019:0230 https://access.redhat.com/errata/RHSA-2019:0420 https://access.redhat.com/errata/RHSA-2019:0832 https://access.redhat.com/errata/RHSA-2019:2699 https://access.redhat.com/errata/RHSA-2019:2978 https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf https • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 1

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. Se ha descubierto una lectura fuera de límites en systemd-journald en la forma en la que analiza mensajes de registro que terminan con dos puntos ":". Un atacante local puede emplear este error para divulgar datos de la memoria del proceso. • http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html http://seclists.org/fulldisclosure/2019/May/21 http://www.openwall.com/lists/oss-security/2019/05/10/4 http://www.securityfocus.com/bid/106527 https://access.redhat.com/errata/RHSA-2019:2091 https://access.redhat.com/errata/RHSA-2019:3222 https://access.redhat.com/errata/RHSA-2020:0593 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866 https://seclists.org/bugtraq/2019/May/25&# • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •