CVSS: 9.8EPSS: 3%CPEs: 21EXPL: 0CVE-2018-14354 – mutt: Remote code injection vulnerability to an IMAP mailbox
https://notcve.org/view.php?id=CVE-2018-14354
17 Jul 2018 — An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. Permiten que los servidores IMAP remotos ejecuten comandos arbitrarios mediante caracteres de acento grave; esto esto está relacionado ... • http://www.mutt.org/news.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 2%CPEs: 20EXPL: 0CVE-2018-14357 – mutt: Remote Code Execution via backquote characters
https://notcve.org/view.php?id=CVE-2018-14357
17 Jul 2018 — An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. Permiten que los servidores IMAP remotos ejecuten comandos arbitrarios mediante caracteres de acento grave; esto está relacionado con el comando mail... • http://www.mutt.org/news.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 27EXPL: 0CVE-2018-11806 – Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-11806
07 Jun 2018 — m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. m_cat en slirp/mbuf.c en Qemu tiene un desbordamiento de búfer basado en memoria dinámica (heap) mediante los datagramas entrantes fragmentados. A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the Q... • http://www.openwall.com/lists/oss-security/2018/06/07/1 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.6EPSS: 46%CPEs: 665EXPL: 7CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
21 May 2018 — Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas l... • https://packetstorm.news/files/id/147839 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 4.9EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2781 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2781
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Ava... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 7.7EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2755 – mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2755
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impa... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 5.9EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2761 – mysql: Client programs unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2761
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Ava... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 6.5EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2819 – mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2819
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability im... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 4.4EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2771 – mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2771
19 Apr 2018 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Ava... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-10194 – ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix function in gdevpdts.c
https://notcve.org/view.php?id=CVE-2018-10194
18 Apr 2018 — The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. La función set_text_distance en devices/vector/gdevpdts.c en el componente pdfwrite en Artifex Ghostscript, hasta la versión 9.22, no evita los desbordamientos en el cálculo de posi... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=39b1e54b2968620723bf32e96764c88797714879 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •