CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2019-2740 – mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2740
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availabili... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html •
CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0CVE-2019-2752 – mysql: Server: Options unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2752
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 3.5EPSS: 0%CPEs: 20EXPL: 0CVE-2019-2738 – mysql: Server: Compiling unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2738
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Compiling). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 5.1EPSS: 0%CPEs: 23EXPL: 0CVE-2019-2739 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2739
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server ... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2019-9959 – poppler: integer overflow in JPXStream::init function leading to memory consumption
https://notcve.org/view.php?id=CVE-2019-9959
22 Jul 2019 — The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. La función JPXStream::init en Poppler versión 0.78.0 y anteriores, no comprueba los valores negativos de la longitud de la transmisión, lo que conlleva a un Desbordamiento de Enteros, y por lo tanto hace posible asignar una gr... • http://www.securityfocus.com/bid/109342 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 17%CPEs: 17EXPL: 0CVE-2019-12527 – squid: heap-based buffer overflow in HttpHeader::getAuth
https://notcve.org/view.php?id=CVE-2019-12527
11 Jul 2019 — An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data. Se detectó un problema en Squid versiones 4.0.23 hasta 4.7. Al comprobar la autenticación básica con la función HttpHeader::getAuth, Squid utiliza un búfer global para almacenar los datos descodificado... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2019-13313 – Libosinfo: osinfo-install-script option leaks password via command line argument
https://notcve.org/view.php?id=CVE-2019-13313
05 Jul 2019 — libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line. libosinfo versión 1.5.0, permite a los usuarios locales descubrir credenciales mediante la enumeración de un proceso, porque las credenciales son pasadas en un script de instalación de osinfo por medio de la línea de comandos. A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', acc... • http://www.openwall.com/lists/oss-security/2019/07/08/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 0CVE-2019-12450 – glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress
https://notcve.org/view.php?id=CVE-2019-12450
29 May 2019 — file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. La función file_copy_fallback en el archivo gio/gfile.c en GNOME GLib versión 2.15.0 hasta la 2.61.1, no restringe apropiadamente los permisos de los archivos durante una operación de copia en progreso. En su lugar, se utilizan los permisos por defecto. GLib provides the core application building blocks for libraries a... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html • CWE-276: Incorrect Default Permissions CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 2%CPEs: 95EXPL: 0CVE-2019-0820 – dotnet: timeouts for regular expressions are not enforced
https://notcve.org/view.php?id=CVE-2019-0820
16 May 2019 — A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. Existe una vulnerabilidad de Denegación de Servicio (DoS) cuando .NET Framework y .NET Core procesan inapropiadamente cadenas RegEx, conocidas como ".NET Framework y .NET Core Denial of Service Vulnerability". Este ID de CVE es diferente de CVE-2019-0980, CVE-2019-0981. .NET Co... • https://access.redhat.com/errata/RHSA-2019:1259 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2019-11833 – kernel: fs/ext4/extents.c leads to information disclosure
https://notcve.org/view.php?id=CVE-2019-11833
15 May 2019 — fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. fs / ext4 / extents.c en el kernel de Linux hasta 5.1.2 no pone a cero la región de memoria no utilizada en el bloque del árbol de extensión, lo que podría permitir a los usuarios locales obtener información confidencial al leer datos no inicializados en el sistema de archivos. A... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •