Total
133 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-2800 | 2 Oracle, Redhat | 6 Mysql, Enterprise Linux, Enterprise Linux Eus and 3 more | 2023-12-10 | 5.5 MEDIUM | 7.1 HIGH |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). | |||||
CVE-2019-9518 | 11 Apache, Apple, Canonical and 8 more | 20 Traffic Server, Mac Os X, Swiftnio and 17 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. | |||||
CVE-2019-2644 | 2 Oracle, Redhat | 6 Mysql, Enterprise Linux, Enterprise Linux Eus and 3 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2019-2784 | 3 Fedoraproject, Oracle, Redhat | 7 Fedora, Mysql, Enterprise Linux and 4 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2019-11041 | 7 Apple, Canonical, Debian and 4 more | 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
CVE-2019-2752 | 3 Fedoraproject, Oracle, Redhat | 7 Fedora, Mysql, Enterprise Linux and 4 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2019-2694 | 2 Oracle, Redhat | 6 Mysql, Enterprise Linux, Enterprise Linux Eus and 3 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2019-2815 | 2 Oracle, Redhat | 6 Mysql, Enterprise Linux, Enterprise Linux Eus and 3 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2019-16056 | 7 Canonical, Debian, Fedoraproject and 4 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | |||||
CVE-2019-2789 | 3 Fedoraproject, Oracle, Redhat | 7 Fedora, Mysql, Enterprise Linux and 4 more | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). | |||||
CVE-2019-11038 | 8 Canonical, Debian, Fedoraproject and 5 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. | |||||
CVE-2019-2780 | 3 Fedoraproject, Oracle, Redhat | 7 Fedora, Mysql, Enterprise Linux and 4 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Components / Services). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2019-2687 | 2 Oracle, Redhat | 6 Mysql, Enterprise Linux, Enterprise Linux Eus and 3 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2019-2585 | 3 Fedoraproject, Oracle, Redhat | 7 Fedora, Mysql, Enterprise Linux and 4 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2019-2688 | 2 Oracle, Redhat | 6 Mysql, Enterprise Linux, Enterprise Linux Eus and 3 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2019-2879 | 2 Oracle, Redhat | 6 Mysql, Enterprise Linux, Enterprise Linux Eus and 3 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2019-11042 | 7 Apple, Canonical, Debian and 4 more | 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
CVE-2019-9513 | 12 Apache, Apple, Canonical and 9 more | 22 Traffic Server, Mac Os X, Swiftnio and 19 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. | |||||
CVE-2019-9514 | 13 Apache, Apple, Canonical and 10 more | 30 Traffic Server, Mac Os X, Swiftnio and 27 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. | |||||
CVE-2019-2532 | 4 Canonical, Netapp, Oracle and 1 more | 11 Ubuntu Linux, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |