CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-13988 – poppler: out of bounds read in pdfunite
https://notcve.org/view.php?id=CVE-2018-13988
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. Poppler hasta la versión 0.62 contiene una vulnerabilidad de lectura fuera de límites debido a un acceso incorrecto a la memoria que no se mapea en su espacio de memoria, tal y como queda demostrado con pdfunite. Esto puede resultar en la corrupción de memoria y una denegación de servicio (DoS). • http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988 https://bugzilla.redhat.com/show_bug.cgi?id=1602838 https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee https://lists.debian.org/debian-lts-announce/2018/10/msg00024.ht • CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0CVE-2018-3081 – mysql: Client programs unspecified vulnerability (CPU Jul 2018)
https://notcve.org/view.php?id=CVE-2018-3081
Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104779 http://www.securitytracker.com/id/1041294 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://access.redhat.com/errata/RHSA-2019:2327 https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html https://security.netapp.com/advisory/ntap-20180726-0002 https://usn.ubuntu.com/3725-1 https://usn.ubuntu.com/3 •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0CVE-2018-3058 – mysql: MyISAM unspecified vulnerability (CPU Jul 2018)
https://notcve.org/view.php?id=CVE-2018-3058
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104766 http://www.securitytracker.com/id/1041294 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://access.redhat.com/errata/RHSA-2019:2327 https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html https://security.netapp.com/advisory/ntap-20180726- •
CVSS: 4.9EPSS: 0%CPEs: 21EXPL: 0CVE-2018-3066 – mysql: Server: Options unspecified vulnerability (CPU Jul 2018)
https://notcve.org/view.php?id=CVE-2018-3066
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104766 http://www.securitytracker.com/id/1041294 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://access.redhat.com/errata/RHSA-2019:2327 https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html https://security.netapp.com/advisory/ntap-20180726- •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2018-2940 – JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)
https://notcve.org/view.php?id=CVE-2018-2940
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104768 http://www.securitytracker.com/id/1041302 https://access.redhat.com/errata/RHSA-2018:2253 https://access.redhat.com/errata/RHSA-2018:2254 https://access.redhat.com/errata/RHSA-2018:2255 https://access.redhat.com/errata/RHSA-2018:2256 https://access.redhat.com/errata/RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2569 https://access.redhat.com/errata/ •