Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
CVSS: 6.1 | AI Score: 5.3 | EPSS: 0.001
Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
CVSS: 6.1 | AI Score: 5.5 | EPSS: 0.001
Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
CVSS: 6.1 | AI Score: 5.6 | EPSS: 0.001
Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
AI Score: 5.7 | EPSS: 0.001
Oracle Critical Patch Update Advisory - April 2019
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories.....
CVSS: 9.9 | AI Score: 7.7 | EPSS: 0.976
rh-mysql57-mysql is vulnerable to denial of service (DoS) attacks. The vulnerability exists as a vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily...
CVSS: 7.5 | AI Score: 6.6 | EPSS: 0.004
In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
CVSS: 8.8 | AI Score: 9 | EPSS: 0.001
In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001
In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
CVSS: 8.8 | AI Score: 9.1 | EPSS: 0.001
In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
AI Score: 8.8 | EPSS: 0.001
openSUSE: Security Advisory for zutils (openSUSE-SU-2018:2591-1)
The remote host is missing an update for...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.002
Security update for zutils (moderate)
This update for zutils to version 1.7 fixes one security issue: CVE-2018-1000637: buffer overrun in zcat utility (boo#1103878) Please note that the zutils zcat utility is distinct from the default gzip zcat...
AI Score: 3.1 | EPSS: 0.002
libcurl.so is vulnerable to reusable NTLM connections. The vulnerability exists due to the improper checks of the NTLM state when checking if a connection exists, allowing reusable NTLM...
AI Score: 8.3 | EPSS: 0.009
libcurl.so is vulnerable to information disclosure. HTTP headers are sent to both proxy and destination servers. This can lead to confidential information such as basic authorization headers containing user credentials being exposed to remote proxy...
AI Score: 8.8 | EPSS: 0.004
EulerOS 2.0 SP2 : 389-ds-base (EulerOS-SA-2018-1190)
According to the versions of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to...
CVSS: 7.5 | AI Score: -0.2 | EPSS: 0.037
EulerOS 2.0 SP3 : libtiff (EulerOS-SA-2018-1165)
According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have...
CVSS: 9.8 | AI Score: 1.2 | EPSS: 0.019
libtiff.so is vulnerable to denial of service (DoS) attacks. A malicious user can pass a tif file to the writeBufferToSeparateStrips function in tiffcrop.c to cause an out-of-bounds read that can crash the...
CVSS: 5.5 | AI Score: 6.8 | EPSS: 0.009
libcurl.so is vulnerable to authentication bypass. The library does not properly close Negotiate connections, allowing a malicious user to impersonate other users with a...
AI Score: 8.5 | EPSS: 0.005
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap....
CVSS: 7.5 | AI Score: 5.9 | EPSS: 0.002
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap....
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.002
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap....
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.002
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap....
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.002
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap....
CVSS: 3.7 | AI Score: 7.7 | EPSS: 0.002
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap....
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.002
polatkan.com XSS vulnerability
Open Bug Bounty ID: OBB-599229

Description | Value
---|---
Affected Website: | polatkan.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI Score: 0.1
(RHSA-2018:0587) Important: rh-mysql56-mysql security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql (5.6.39). (BZ#1533831) Security Fix(es): mysql: sha256_password...
AI Score: 7.7 | EPSS: 0.006
Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4011688)
A security vulnerability exists in Microsoft SharePoint Enterprise Server 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that...
AI Score: 7.2
MySQL: Multiple vulnerabilities
Background A fast, multi-threaded, multi-user SQL database server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact A remote attacker could execute arbitrary code without authentication or cause a partial denial...
CVSS: 7.7 | AI Score: 8.5 | EPSS: 0.957
GLSA-201802-04 : MySQL: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201802-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary code without...
CVSS: 7.7 | AI Score: 8.3 | EPSS: 0.957
Security Advisory Description CVE-2018-2591 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with...
CVSS: 6.5 | AI Score: 6.6 | EPSS: 0.001
Security update for mysql-community-server (important)
This update for mysql-community-server to version 5.6.39 fixes several issues. These security issues were fixed: CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols...
AI Score: 7.3 | EPSS: 0.946
openSUSE Security Update : mysql-community-server (openSUSE-2018-90)
This update for mysql-community-server to version 5.6.39 fixes several issues. These security issues were fixed : CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols...
CVSS: 7.1 | AI Score: 7.5 | EPSS: 0.946
openSUSE: Security Advisory for mysql-community-server (openSUSE-SU-2018:0223-1)
The remote host is missing an update for...
CVSS: 7.1 | AI Score: 7 | EPSS: 0.946
FreeBSD : MySQL -- multiple vulnerabilities (e3445736-fd01-11e7-ac58-b499baebfeaf)
Oracle reports : Not all vulnerabilities are relevant for all flavors/versions of the servers and clients Vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...
CVSS: 7.1 | AI Score: 6.7 | EPSS: 0.006
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....
CVSS: 4.9 | AI Score: 4.8 | EPSS: 0.001
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....
CVSS: 4.9 | AI Score: 4.8 | EPSS: 0.001
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....
CVSS: 4.9 | AI Score: 4.5 | EPSS: 0.001
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....
CVSS: 4.9 | AI Score: 5 | EPSS: 0.001
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....
AI Score: 5 | EPSS: 0.001
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....
CVSS: 4.9 | AI Score: 5.3 | EPSS: 0.001
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise.....
CVSS: 4.9 | AI Score: 5 | EPSS: 0.001
Oracle Mysql Security Updates (jan2018-3236628) 05 - Windows
Oracle MySQL is prone to a denial of service (DoS)...
CVSS: 4.9 | AI Score: 5.2 | EPSS: 0.001
MySQL 5.7.x < 5.7.21 Multiple Vulnerabilities (RPM Check) (January 2018 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.21. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not....
CVSS: 7.1 | AI Score: 7.5 | EPSS: 0.946
Oracle Mysql Security Updates (jan2018-3236628) 05 - Linux
Oracle MySQL is prone to a denial of service (DoS)...
CVSS: 4.9 | AI Score: 5.2 | EPSS: 0.001
MySQL 5.6.x < 5.6.39 Multiple Vulnerabilities (RPM Check) (January 2018 CPU)
The version of MySQL running on the remote host is 5.6.x prior to 5.6.39. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not....
CVSS: 7.1 | AI Score: 7.6 | EPSS: 0.946
MySQL 5.7.x < 5.7.21 Multiple Vulnerabilities (January 2018 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.21. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not....
CVSS: 7.1 | AI Score: 7.5 | EPSS: 0.946
MySQL 5.6.x < 5.6.39 Multiple Vulnerabilities (January 2018 CPU)
The version of MySQL running on the remote host is 5.6.x prior to 5.6.39. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not....
CVSS: 7.1 | AI Score: 7.6 | EPSS: 0.946
Oracle Critical Patch Update - January 2018
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories.....
CVSS: 9.8 | AI Score: 7.7 | EPSS: 0.976
openSUSE Security Update : 389-ds (openSUSE-2017-1396)
This update for 389-ds fixes the following issues : CVE-2017-7551: 389-ds-base: Password brute-force possible for locked account due to different return codes (bsc#1051997) CVE-2016-4992: 389-ds: Information disclosure via repeated use of LDAP ADD operation (bsc#997256) ...
CVSS: 9.8 | AI Score: 7.9 | EPSS: 0.023
(RHSA-2017:3442) Important: rh-mysql57-mysql security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql (5.7.20). (BZ#1505114) Security Fix(es): This update fixes several...
AI Score: 7.4 | EPSS: 0.004