CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2019-14494 – poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc
https://notcve.org/view.php?id=CVE-2019-14494
01 Aug 2019 — An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. Se detectó un problema en Poppler hasta versión 0.78.0. Se presenta un error de división por cero en la función SplashOutputDev::tilingPatternFill en el archivo SplashOutputDev.cc. A divide-by-zero error was found in the way Poppler handled certain PDF files. • https://gitlab.freedesktop.org/poppler/poppler/issues/802 • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14452
https://notcve.org/view.php?id=CVE-2019-14452
31 Jul 2019 — Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. Sigil anterior a versión 0.9.16, es vulnerable a un salto de directorio, permitiendo a los atacantes escribir archivos arbitrarios por medio de un ../ (punto punto barra) en una entrada de archivo ZIP que es manejada inapropiadamente durante la extracción. • https://github.com/Sigil-Ebook/Sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-1020014
https://notcve.org/view.php?id=CVE-2019-1020014
29 Jul 2019 — docker-credential-helpers before 0.6.3 has a double free in the List functions. docker-credential-helpers anterior a versión 0.6.3, presenta una Vulnerabilidad de Doble Liberación en las funciones List. • https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2019-13565
https://notcve.org/view.php?id=CVE-2019-13565
26 Jul 2019 — An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, et... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html •
CVSS: 4.9EPSS: 0%CPEs: 29EXPL: 0CVE-2019-13057
https://notcve.org/view.php?id=CVE-2019-13057
26 Jul 2019 — An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy di... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2019-2819 – mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2819
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2019-2805 – mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2805
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availab... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html •
CVSS: 4.2EPSS: 0%CPEs: 17EXPL: 0CVE-2019-2797 – mysql: Client programs unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2797
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS)... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2791
https://notcve.org/view.php?id=CVE-2019-2791
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL ... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2019-2778 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2778
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial ... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •