CVSS: 7.7EPSS: 0%CPEs: 29EXPL: 0CVE-2019-3900 – Kernel: vhost_net: infinite loop while receiving packets leads to DoS
https://notcve.org/view.php?id=CVE-2019-3900
25 Apr 2019 — An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. Se encontró un problema de bucle infinito en el módulo del núcleo vhost_net en el kernel de Linux versiones anteriores a 5.1-rc6 inclusive, mientras ma... • http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-3882 – kernel: denial of service vector through vfio DMA mappings
https://notcve.org/view.php?id=CVE-2019-3882
24 Apr 2019 — A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. Se encontró un fallo en la implementación de la interfaz vfio del kernel de Linux que permite la violación del límite de memoria bl... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 0CVE-2019-9928
https://notcve.org/view.php?id=CVE-2019-9928
24 Apr 2019 — GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. GStreamer anterior a la versión 1.16.0 presenta una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el parser de conexión RTSP mediante una respuesta de servidor especialmente diseñada, lo que permite potencialmente la ejecución remota de código. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00078.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-11498 – wavpack: Use of uninitialized variable in WavpackSetConfiguration64 leads to DoS
https://notcve.org/view.php?id=CVE-2019-11498
24 Apr 2019 — WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data. WavpackSetConfiguration64, en pack_utils.c, en libwavpack.a, en WavPack hasta la versión 5.1.0, tiene una condición "Conditional jump or move depends on uninitialised value", que podría permitir a los atacantes causar una deneg... • https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4 • CWE-456: Missing Initialization of a Variable CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 2CVE-2019-11487 – kernel: Count overflow in FUSE request leading to use-after-free issues.
https://notcve.org/view.php?id=CVE-2019-11487
23 Apr 2019 — The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. El kernel de Linux, en versiones anteriores a 5.1-rc5, permite el desbordamiento de la cuenta de referencia de página->_refcount, con los consiguientes problemas de uso de m... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 19EXPL: 0CVE-2019-2683 – mysql: Server: Options unspecified vulnerability (CPU Apr 2019)
https://notcve.org/view.php?id=CVE-2019-2683
23 Apr 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Avail... • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html •
CVSS: 4.9EPSS: 0%CPEs: 28EXPL: 0CVE-2019-2627 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)
https://notcve.org/view.php?id=CVE-2019-2627
23 Apr 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Sco... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html •
CVSS: 4.9EPSS: 0%CPEs: 22EXPL: 0CVE-2019-2628 – mysql: InnoDB unspecified vulnerability (CPU Apr 2019)
https://notcve.org/view.php?id=CVE-2019-2628
23 Apr 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html •
CVSS: 4.4EPSS: 0%CPEs: 32EXPL: 0CVE-2019-2614 – mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
https://notcve.org/view.php?id=CVE-2019-2614
23 Apr 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 ... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2632
https://notcve.org/view.php?id=CVE-2019-2632
23 Apr 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impact... • http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html •