CVSS: 6.5EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2819 – mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2819
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103814 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2018:1254 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html https://lists. •
CVSS: 4.4EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2771 – mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2771
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103828 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2018:1254 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html https://lists. •
CVSS: 5.9EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2761 – mysql: Client programs unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2761
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103820 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2018:1254 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html https://lists. •
CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 0CVE-2018-7536 – django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'
https://notcve.org/view.php?id=CVE-2018-7536
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. Se ha descubierto un problema en Django, en versiones 2.0 anteriores a la 2.0.3; versiones 1.11 anteriores a la 1.11.11 y versiones 1.8 anteriores a la 1.8.19. La función django.utils.html.urlize() fue extremadamente lenta a la hora de evaluar ciertas entradas debido a vulnerabilidades catastróficas de búsqueda hacia atrás en dos expresiones regulares (solo una en el caso de las versiones 1.8.x de Django). • http://www.securityfocus.com/bid/103361 https://access.redhat.com/errata/RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2019:0051 https://access.redhat.com/errata/RHSA-2019:0082 https://access.redhat.com/errata/RHSA-2019:0265 https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2 https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16 https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8 https://lists.debian.org/debian-lts-announce/20 • CWE-185: Incorrect Regular Expression CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 96%CPEs: 11EXPL: 2CVE-2018-1000115 – Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service
https://notcve.org/view.php?id=CVE-2018-1000115
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. Memcached 1.5.5 contiene una vulnerabilidad de control insuficiente de volumen de mensaje de red (amplificación de red, CWE-406) en el soporte UDP del servidor memcached que puede resultar en una denegación de servicio (DoS) mediante una inundación de red (fuentes fiables reportan una amplificación de tráfico de 1:50.000). Este ataque parece ser explotable mediante conectividad de red en el puerto UDP 11211. • https://www.exploit-db.com/exploits/44264 https://www.exploit-db.com/exploits/44265 https://access.redhat.com/errata/RHBA-2018:2140 https://access.redhat.com/errata/RHSA-2018:1593 https://access.redhat.com/errata/RHSA-2018:1627 https://access.redhat.com/errata/RHSA-2018:2331 https://access.redhat.com/errata/RHSA-2018:2857 https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974 https:/ • CWE-400: Uncontrolled Resource Consumption •