CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2017-3636 – mysql: Client programs unspecified vulnerability (CPU Jul 2017)
https://notcve.org/view.php?id=CVE-2017-3636
20 Jul 2017 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a s... • http://www.debian.org/security/2017/dsa-3922 •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2017-3651 – mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)
https://notcve.org/view.php?id=CVE-2017-3651
20 Jul 2017 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity imp... • http://rhn.redhat.com/errata/RHSA-2016-2927.html •
CVSS: 3.5EPSS: 0%CPEs: 20EXPL: 0CVE-2017-3653 – mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
https://notcve.org/view.php?id=CVE-2017-3653
20 Jul 2017 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impact... • http://www.debian.org/security/2017/dsa-3922 •
CVSS: 4.9EPSS: 0%CPEs: 17EXPL: 0CVE-2017-3641 – mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
https://notcve.org/view.php?id=CVE-2017-3641
20 Jul 2017 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Ava... • http://www.debian.org/security/2017/dsa-3922 •
CVSS: 9.8EPSS: 5%CPEs: 12EXPL: 0CVE-2017-9214 – openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function
https://notcve.org/view.php?id=CVE-2017-9214
23 May 2017 — In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. En Open vSwitch (OvS) versión 2.7.0, mientras analiza un mensaje OFPT_QUEUE_GET_CONFIG_REPLY tipo OFP versión 1.0, se presenta una lectura excesiva búfer causada por un desbordamiento de enteros sin signo en la función “ofputil_pull_queue_get_config_reply10” en l... • https://access.redhat.com/errata/RHSA-2017:2418 • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 3%CPEs: 16EXPL: 0CVE-2017-7481 – ansible: Security issue with lookup return not tainting the jinja2 environment
https://notcve.org/view.php?id=CVE-2017-7481
18 May 2017 — Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. Ansible en versiones anteriores a la 2.3.1.0 y 2.4.0.0 no marca correctamente los resultados del plugin lookup como no seguros. Si un atacante pudiese c... • http://www.securityfocus.com/bid/98492 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2637 – rhosp-director: libvirtd is deployed with no authentication
https://notcve.org/view.php?id=CVE-2017-2637
18 May 2017 — A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to t... • http://www.securityfocus.com/bid/98576 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-8379 – Qemu: input: host memory lekage via keyboard events
https://notcve.org/view.php?id=CVE-2017-8379
16 May 2017 — Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. La pérdida de memoria en el soporte de controladores de eventos de entrada de teclado en QEMU (también conocido como Quick Emulator) permite a los usuarios privilegiados locales de SO invitados causar una denegación de servicio (consumo de memoria del host) al generar rápidamente evento... • http://www.openwall.com/lists/oss-security/2017/05/03/2 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 2%CPEs: 8EXPL: 0CVE-2017-8309 – Qemu: audio: host memory leakage via capture buffer
https://notcve.org/view.php?id=CVE-2017-8309
16 May 2017 — Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. La pérdida de memoria en el audio/audio.c en QEMU (también conocido como Quick Emulator) permite a los atacantes remotos causar una denegación de servicio (consumo de memoria) al iniciar y detener repetidamente la captura de audio. Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged atta... • http://www.securityfocus.com/bid/98302 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2017-7980 – Qemu: display: cirrus: OOB r/w access issues in bitblt routines
https://notcve.org/view.php?id=CVE-2017-7980
02 May 2017 — Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Desbordamiento de búfer basado en memoria dinámica (heap) en Cirrus CLGD 54xx VGA Emulator en Quick Emulator (Qemu) en versiones 2.8 y anteriores permite que los usuarios invitados del sistema operativo ejecuten código arbitrario o provoque... • http://ubuntu.com/usn/usn-3289-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •