Total
136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-2536 | 3 Netapp, Oracle, Redhat | 10 Oncommand Unified Manager, Oncommand Workflow Automation, Snapcenter and 7 more | 2024-11-21 | 1.2 LOW | 5.0 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H). | |||||
| CVE-2019-2535 | 3 Netapp, Oracle, Redhat | 10 Oncommand Unified Manager, Oncommand Workflow Automation, Snapcenter and 7 more | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2534 | 4 Canonical, Netapp, Oracle and 1 more | 11 Ubuntu Linux, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). | |||||
| CVE-2019-2533 | 3 Netapp, Oracle, Redhat | 10 Oncommand Unified Manager, Oncommand Workflow Automation, Snapcenter and 7 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2019-2532 | 4 Canonical, Netapp, Oracle and 1 more | 11 Ubuntu Linux, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2531 | 4 Canonical, Netapp, Oracle and 1 more | 11 Ubuntu Linux, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2530 | 3 Netapp, Oracle, Redhat | 10 Oncommand Unified Manager, Oncommand Workflow Automation, Snapcenter and 7 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2436 | 3 Netapp, Oracle, Redhat | 10 Oncommand Unified Manager, Oncommand Workflow Automation, Snapcenter and 7 more | 2024-11-21 | 5.5 MEDIUM | 5.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||||
| CVE-2019-2434 | 4 Canonical, Netapp, Oracle and 1 more | 11 Ubuntu Linux, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-2420 | 4 Canonical, Netapp, Oracle and 1 more | 11 Ubuntu Linux, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-17570 | 5 Apache, Canonical, Debian and 2 more | 6 Xml-rpc, Ubuntu Linux, Debian Linux and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. | |||||
| CVE-2019-16056 | 7 Canonical, Debian, Fedoraproject and 4 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | |||||
| CVE-2019-15605 | 6 Debian, Fedoraproject, Nodejs and 3 more | 13 Debian Linux, Fedora, Node.js and 10 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | |||||
| CVE-2019-15604 | 5 Debian, Nodejs, Opensuse and 2 more | 10 Debian Linux, Node.js, Leap and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | |||||
| CVE-2019-11043 | 6 Canonical, Debian, Fedoraproject and 3 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2024-11-21 | 7.5 HIGH | 8.7 HIGH |
| In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | |||||
| CVE-2019-11042 | 7 Apple, Canonical, Debian and 4 more | 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
| CVE-2019-11041 | 7 Apple, Canonical, Debian and 4 more | 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
| CVE-2019-11040 | 4 Debian, Opensuse, Php and 1 more | 4 Debian Linux, Leap, Php and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
| CVE-2019-11039 | 4 Debian, Opensuse, Php and 1 more | 4 Debian Linux, Leap, Php and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. | |||||
| CVE-2019-11038 | 8 Canonical, Debian, Fedoraproject and 5 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. | |||||