CVSS: 6.1EPSS: 0%CPEs: 218EXPL: 7CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propi... • https://github.com/isacaya/CVE-2019-11358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.3EPSS: 94%CPEs: 13EXPL: 24CVE-2018-11776 – Apache Struts Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-11776
22 Aug 2018 — Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace. Apache Struts, desde la versión 2.3 hasta la ... • https://packetstorm.news/files/id/172830 •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-3633 – mysql: Server: Memcached unspecified vulnerability (CPU Jul 2017)
https://notcve.org/view.php?id=CVE-2017-3633
20 Jul 2017 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete a... • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html •
CVSS: 9.8EPSS: 94%CPEs: 174EXPL: 2CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
17 Apr 2017 — In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se des... • https://github.com/pimps/CVE-2017-5645 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.1EPSS: 5%CPEs: 38EXPL: 0CVE-2015-2568 – mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-2568
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Security : Privileges. MariaDB is a multi-user, multi-threaded SQL database server that is binary... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •
CVSS: 9.1EPSS: 2%CPEs: 9EXPL: 0CVE-2015-0423 – Gentoo Linux Security Advisory 201507-19
https://notcve.org/view.php?id=CVE-2015-0423
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.22 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Optimizer. Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than ... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •
CVSS: 8.8EPSS: 0%CPEs: 38EXPL: 0CVE-2015-0433 – mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0433
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con InnoDB : DML. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was foun... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2015-0500 – Gentoo Linux Security Advisory 201507-19
https://notcve.org/view.php?id=CVE-2015-0500
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.23 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos. Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.6.24 are affected. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •
CVSS: 10.0EPSS: 89%CPEs: 33EXPL: 40CVE-2015-0235 – Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
https://notcve.org/view.php?id=CVE-2015-0235
27 Jan 2015 — Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores ... • https://packetstorm.news/files/id/181060 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 14%CPEs: 15EXPL: 0CVE-2015-0411 – mysql: unspecified vulnerability related to Server:Security:Encryption (CPU Jan 2015)
https://notcve.org/view.php?id=CVE-2015-0411
21 Jan 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.40 y anteriores, y 5.6.21 y anteriores, permite a atacantes remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos relacionados con Server : Security : Encryption. Multiple s... • http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html •