NetApp OnCommand Unified Manager

169 matches found

added 2019/04/08 9:31 p.m., 14527 views

CVE-2019-0211

CVE-2019-0211 affects Apache HTTP Server 2.4.17–2.4.38 when using MPM event, worker, or prefork. The issue arises from code executing in less-privileged child processes/threads (including in-process scripting interpreters) that could be exploited to run arbitrary code with the privileges of the p...

CVSS 7.8 | AI score 7.2 | EPSS 0.89568
In wild | Web

added 2017/06/20 1:0 a.m., 7595 views

CVE-2017-3167

CVE-2017-3167 affects Apache httpd 2.2.x prior to 2.2.33 and 2.4.x prior to 2.4.26. The issue is that third‑party modules using ap_get_basic_auth_pw() outside the authentication phase can bypass authentication requirements. Connected sources confirm the impact and upstream fixes: update to httpd ...

CVSS 9.8 | AI score 9.6 | EPSS 0.08717

added 2017/06/20 1:0 a.m., 6039 views

CVE-2017-7668

CVE-2017-7668: Apache httpd contains a buffer over-read in ap_find_token() caused by strict HTTP parsing changes in 2.2.32 and 2.4.24. A remote attacker can craft headers to crash the httpd process or have ap_find_token() return an incorrect value. Affected distributions have addressed this by up...

CVSS 7.5 | AI score 8.4 | EPSS 0.64829

added 2018/08/17 12:0 a.m., 5341 views

CVE-2018-15473

OpenSSH vulnerability CVE-2018-15473 affects OpenSSH up to version 7.7, where the server may enumerate valid usernames by returning different responses for invalid authentication attempts due to not delaying bailout until after the request packet is parsed (auth2-gss.c, auth2-hostbased.c, auth2-p...

CVSS 5.9 | AI score 5.8 | EPSS 0.90356

added 2018/01/21 10:0 p.m., 4196 views

CVE-2016-10708

OpenSSH sshd before 7.4 is vulnerable to a denial of service caused by a NULL pointer dereference when processing an out-of-sequence NEWKEYS message (kex.c/packet.c). This affects the OpenSSH server; exploitation leads to daemon crash as demonstrated by Honggfuzz. Affected products include OpenSS...

CVSS 7.5 | AI score 5.9 | EPSS 0.0312

added 2019/04/08 8:11 p.m., 3438 views

CVE-2019-0217

This CVE affects Apache HTTP Server 2.4.x up to 2.4.38, where a race condition in mod_auth_digest could allow an authenticated user to act as another user and bypass access control. The issue is tied to running in threaded MPMs; the underlying cause is a race condition in authentication handling....

CVSS 7.5 | AI score 7.5 | EPSS 0.43022

added 2017/07/13 4:0 p.m., 3268 views

CVE-2017-9788

Apache httpd vulnerability CVE-2017-9788 stems from mod_auth_digest not initializing or resetting the value placeholder in Digest Proxy-Authorization headers between key=value assignments, which can leak previous memory data or cause a segfault/DoS. Affected: httpd 2.2.34 and 2.4.x prior to 2.4.2...

CVSS 9.1 | AI score 8.4 | EPSS 0.49498

added 2017/07/27 9:0 p.m., 2262 views

CVE-2016-8743

The CVE-2016-8743 issue affects Apache HTTP Server. It concerns how whitespace is accepted in requests and sent in response lines and headers in all releases before 2.2.32 and 2.4.25. The root problem is liberal whitespace handling, which can enable request smuggling, response splitting, and cach...

CVSS 7.5 | AI score 7.7 | EPSS 0.0978

added 2010/08/04 7:0 p.m., 1075 views

CVE-2010-1871

CVE-2010-1871 affects JBoss Seam 2 (jboss-seam2) as used in Red Hat Linux’s JBoss Enterprise Application Platform 4.3.0. The vulnerability stems from inadequate sanitization of inputs to JBoss Expression Language (EL) expressions, enabling remote code execution via a crafted URL when the Java Sec...

CVSS 8.8 | AI score 9.5 | EPSS 0.93535
In wild

added 2019/02/27 11:0 p.m., 913 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

CVSS 5.9 | AI score 6.3 | EPSS 0.0496

added 2018/05/16 4:0 p.m., 849 views

CVE-2018-8014

CVE-2018-8014 affects the default configuration of Tomcat’s CORS filter, where default settings enable supportsCredentials for all origins across multiple releases (9.0.0.M1–9.0.8, 8.5.0–8.5.31, 8.0.0.RC1–8.0.52, 7.0.41–7.0.88). The issue is that environments relying on the default CORS configura...

CVSS 9.8 | AI score 8.6 | EPSS 0.61164

added 2016/04/21 10:0 a.m., 770 views

CVE-2016-3427

CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...

CVSS 10 | AI score 6.8 | EPSS 0.93287
In wild

added 2019/09/16 6:6 p.m., 687 views

CVE-2019-5482

CVE-2019-5482 is a heap buffer overflow in curl/libcurl’s TFTP handler (tftp_receive_packet) affecting curl versions up to 7.65.3. Public advisories detail that a small TFTP blocksize can trigger overflow, potentially enabling DoS or arbitrary code execution. Public fixes exist across distributio...

CVSS 9.8 | AI score 9.7 | EPSS 0.09715

added 2019/01/16 7:0 p.m., 657 views

CVE-2019-2537

CVE-2019-2537 affects the MySQL Server component (subcomponent: Server: DDL) of Oracle MySQL. Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Description in connected docs confirms an easily exploitable, network-accessible vulnerability that can cause the MySQL Server to hang or c...

CVSS 4.9 | AI score 5.1 | EPSS 0.00112

added 2019/01/16 7:0 p.m., 634 views

CVE-2019-2529

CVE-2019-2529 affects Oracle MySQL Server (Server: Optimizer). Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Low-privilege, network-access attacker can cause a hang or complete DOS. Remediation: advisories/applicable updates exist (e.g., ALAS/CentOS/RHSA); update mariadb/mysql p...

CVSS 6.5 | AI score 6.2 | EPSS 0.00282

added 2017/05/23 3:56 a.m., 606 views

CVE-2016-9841

CVE-2016-9841 is a vulnerability in zlib 1.2.8 related to improper pointer arithmetic in inffast.c that could have context-dependent impact. Connected advisories confirm public details and show remediation by upgrading zlib to a newer version (e.g., 1.2.11) across affected products and distributi...

CVSS 9.8 | AI score 9.9 | EPSS 0.19177

added 2018/10/29 1:0 p.m., 558 views

CVE-2018-0735

CVE-2018-0735 corresponds to a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit variations in signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...

CVSS 5.9 | AI score 5.7 | EPSS 0.04803

added 2018/10/30 12:0 p.m., 524 views

CVE-2018-0734

CVE-2018-0734 (OpenSSL) describes a timing side-channel in the DSA signature algorithm that could enable private key recovery. The initial entry notes fixes in OpenSSL releases 1.1.1a (and 1.1.0j, 1.0.2q) for affected branches. Connected advisories (CloudLinux, Arch Linux, Amazon/Linux distributi...

CVSS 5.9 | AI score 5.9 | EPSS 0.05057

added 2019/01/16 7:0 p.m., 470 views

CVE-2019-2481

CVE-2019-2481 affects Oracle MySQL Server (Server: Optimizer). Affected versions are 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The vulnerability can be exploited by a high-privileged attacker over the network to cause a hang or a frequently repeating crash (complete DoS) of MySQL ...

CVSS 4.9 | AI score 4.8 | EPSS 0.00096

added 2018/10/17 1:0 a.m., 468 views

CVE-2018-3133

CVE-2018-3133 concerns Oracle MySQL Server (subcomponent: Server: Parser). Affected are MySQL Server versions 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. An attacker with network access via multiple protocols and low privileges can trigger a hang or frequen...

CVSS 6.5 | AI score 6.3 | EPSS 0.0026

added 2018/10/17 12:0 p.m., 465 views

CVE-2018-10933

CVE-2018-10933 affects libssh, specifically the server-side state machine, where versions prior to 0.7.6 and 0.8.4 allow an unauthenticated attacker to create channels and gain unauthorized access. The underlying issue is an authentication bypass in the server code, reported by multiple vendors a...

CVSS 9.1 | AI score 8.5 | EPSS 0.74906

added 2019/01/16 7:0 p.m., 465 views

CVE-2019-2534

CVE-2019-2534 affects Oracle MySQL Server (subcomponent: Server: Replication). Affected versions are 5.6.42 and earlier, 5.7.24 and earlier, and 8.0.13 and earlier. The vulnerability is exploitable by a low-privileged attacker with network access via multiple protocols, potentially leading to una...

CVSS 7.1 | AI score 6.4 | EPSS 0.00273

added 2019/01/16 7:0 p.m., 456 views

CVE-2019-2422

CVE-2019-2422 affects Oracle Java SE Libraries in Java SE 7u201, 8u192, 11.0.1 (and Java SE Embedded 8u191). The issue is a memory disclosure in FileChannelImpl that could allow an unauthenticated, network-reachable attacker to read a subset of data, with user interaction required in some context...

CVSS 3.1 | AI score 2.4 | EPSS 0.00267

added 2018/10/17 1:0 a.m., 453 views

CVE-2018-3156

CVE-2018-3156 affects Oracle MySQL Server (subcomponents: InnoDB; also referenced in multiple advisories) with affected versions: 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. According to the connected advisories for Linux distributions, the vulnerability enables network-access...

CVSS 6.5 | AI score 6.9 | EPSS 0.00265

added 2018/10/17 1:0 a.m., 453 views

CVE-2018-3251

CVE-2018-3251 affects Oracle MySQL Server (InnoDB). Affected: 5.6.41 and earlier, 5.7.23 and earlier, 8.0.12 and earlier. Exploitation via network against multiple protocols can cause a hang or crash (DOS). Several advisories reference fixes in corresponding OS/package updates (e.g., ALAS and Deb...

CVSS 6.5 | AI score 6.9 | EPSS 0.00297

added 2018/10/17 1:0 a.m., 448 views

CVE-2018-3143

CVE-2018-3143 is a vulnerability in the MySQL Server component (subcomponent: InnoDB) affecting Oracle MySQL. Affected versions are 5.6.41 and prior, 5.7.23 and prior, and 8.0.12 and prior. It allows a low-privilege, network-attacker to cause a hang or crash (DoS) via multiple protocols. The issu...

CVSS 6.5 | AI score 6.9 | EPSS 0.00297

added 2019/01/16 7:0 p.m., 444 views

CVE-2019-2531

CVE-2019-2531 affects the MySQL Server component (subcomponent: Server: Replication) of Oracle MySQL. Affected versions are 5.6.42 and earlier, 5.7.24 and earlier, and 8.0.13 and earlier. The vulnerability allows a high-privileged, network-access attacker to cause a hang or a frequent crash (DOS)...

CVSS 4.9 | AI score 4.8 | EPSS 0.00146

added 2018/10/17 1:0 a.m., 427 views

CVE-2018-3185

CVE-2018-3185 is a MySQL Server (InnoDB) vulnerability affecting 5.7.23 and earlier and 8.0.12 and earlier. The connected F5 advisory confirms exploitable remote access via multiple protocols by a high-privilege attacker, potentially causing a hang or crash (DoS) and unauthorized data updates. Th...

CVSS 5.5 | AI score 5.5 | EPSS 0.00122

added 2018/07/18 1:0 p.m., 423 views

CVE-2018-2952

CVE-2018-2952 affects OpenJDK/OpenJDK-derived Java runtimes (Java SE 7/8 and JRockit) in the Concurrency component. The root cause is insufficient index validation in PatternSyntaxException getMessage(), enabling unauthenticated network-based exploitation that can cause a denial of service via me...

CVSS 4.3 | AI score 4 | EPSS 0.00105

added 2020/10/21 2:4 p.m., 416 views

CVE-2020-14798

CVE-2020-14798 is a vulnerability in Oracle Java SE Libraries affecting Java SE versions 7u271, 8u261, 11.0.8 and 15, and Java SE Embedded 8u261. Exploitation is possible over network with multiple protocols and does not require authentication, but requires user interaction. Impact described as p...

CVSS 3.1 | AI score 3.4 | EPSS 0.00246

added 2020/10/21 2:4 p.m., 411 views

CVE-2020-14803

CVE-2020-14803 affects Oracle Java SE Libraries in Java SE 11.0.8 and 15. The vulnerability allows an unauthenticated attacker over network to read a subset of Java SE data due to an issue in Libraries handling, per the CVSS base score 5.3 (CONF). Affected advisories across platforms corroborate ...

CVSS 5.3 | AI score 4.4 | EPSS 0.00106

added 2018/05/16 5:0 p.m., 405 views

CVE-2018-11212

CVE-2018-11212 affects libjpeg/libjpeg-turbo: the alloc_sarray function in jmemmgr.c allows a remote attacker to cause a denial of service via a crafted file due to a divide-by-zero error. Public advisories (e.g., ALAS2-2019-1198, ALAS-2019-1286, AL2/ALSA-centos/CESA-2019:2052, Debian DLA-1638-1)...

CVSS 6.5 | AI score 6.2 | EPSS 0.02115

added 2019/01/16 7:0 p.m., 391 views

CVE-2019-2539

In the provided connected documents, CVE-2019-2539 is described as a vulnerability in the MySQL Server component (subcomponent: Server: Connection). Affected versions are 8.0.13 and prior. The flaw can be exploited by a highly privileged attacker with network access via multiple protocols to caus...

CVSS 4.9 | AI score 4.8 | EPSS 0.00462

added 2019/01/16 7:0 p.m., 390 views

CVE-2019-2434

CVE-2019-2434 affects the Oracle MySQL Server component (subcomponent: Server: Parser). Affected versions include 5.7.24 and earlier and 8.0.13 and earlier. It is exploitable over the network by a low-privileged attacker and can cause a hang or a crash (availability impact) in MySQL Server. The C...

CVSS 6.5 | AI score 6.1 | EPSS 0.00695

added 2020/10/21 2:4 p.m., 384 views

CVE-2020-14796

CVE-2020-14796 affects the Libraries component in Oracle Java SE/Java SE Embedded across multiple OpenJDK builds (e.g., Java-7u271? Java-8u261? Java-11.0.8? Java-15; Embedded 8u261). The vulnerability can be exploited by an unauthenticated attacker over network protocols, but exploitation require...

CVSS 3.1 | AI score 3.2 | EPSS 0.00128

added 2019/01/16 7:0 p.m., 383 views

CVE-2019-2535

CVE-2019-2535 affects Oracle MySQL Server (subcomponent: Server: Options). From the public records, affected versions are 8.0.13 and prior. The vulnerability is described as difficult to exploit but can allow a high-privileged attacker who can log on to the host where MySQL Server runs to comprom...

CVSS 4.1 | AI score 4.2 | EPSS 0.00167

added 2019/01/16 7:0 p.m., 382 views

CVE-2019-2420

CVE-2019-2420 is a vulnerability in the Oracle MySQL Server: Optimizer subcomponent. Affected products/versions include MySQL Server 5.7.24 and prior and 8.0.13 and prior; exploitation requires network access and high privileges, via multiple protocols, to cause a hang or frequent crash (DoS). Co...

CVSS 4.9 | AI score 4.8 | EPSS 0.00395

added 2020/10/21 2:4 p.m., 379 views

CVE-2020-14792

CVE-2020-14792 is an Oracle Java OpenJDK vulnerability affecting Java SE and Embedded runtimes (Hotspot/Libraries components) with the root issue described as “Better range handling.” Affected versions include Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. The connected advisories...

CVSS 5.8 | AI score 3.9 | EPSS 0.00125

added 2019/01/16 7:0 p.m., 377 views

CVE-2019-2532

CVE-2019-2532 affects Oracle MySQL Server, subcomponent Server: Security: Privileges. Affected: MySQL Server versions 5.7.24 and earlier, and 8.0.13 and earlier. Description states an easily exploitable, network-accessible vulnerability that can grant high privileges to an attacker and may cause ...

CVSS 4.9 | AI score 4.8 | EPSS 0.0012

added 2019/01/16 7:0 p.m., 370 views

CVE-2019-2530

CVE-2019-2530 is a vulnerability in Oracle MySQL Server (Server: Optimizer). Affected are MySQL 8.0.13 and earlier. It allows a high-privileged attacker with network access to cause a hang or a frequent crash (DoS); CVSS 3.1 base score 4.9. Remediation in advisories (e.g., RHSA-2019:2511) is to u...

CVSS 4.9 | AI score 4.8 | EPSS 0.00389

added 2019/01/16 7:0 p.m., 369 views

CVE-2019-2533

CVE-2019-2533 affects Oracle MySQL Server (Server: Privileges) with affected versions up to 8.0.13. The vulnerability allows a low-privileged, networked attacker to compromise MySQL Server, potentially leading to unauthorized creation, deletion or modification of data or access to all data on the...

CVSS 6.5 | AI score 5.7 | EPSS 0.00333

added 2019/01/16 7:0 p.m., 364 views

CVE-2019-2536

CVE-2019-2536 affects the MySQL Server subcomponent “Server: Packaging” in Oracle MySQL. Affected versions are 8.0.13 and earlier. The vulnerability is described as difficult to exploit and requires a user with high privileges and user interaction, with the potential to cause a hang or a complete...

CVSS 5 | AI score 4.8 | EPSS 0.00227

added 2019/01/16 7:0 p.m., 363 views

CVE-2019-2436

CVE-2019-2436 affects Oracle MySQL Server (subcomponent: Server: Replication). Affected: MySQL 8.0.13 and prior. Impact: high-privilege attacker with network access via multiple protocols can cause a hang or complete denial of service, and can also update/insert/delete some data. Remediation: upg...

CVSS 5.5 | AI score 5.3 | EPSS 0.00349

added 2020/10/21 2:4 p.m., 363 views

CVE-2020-14797

CVE-2020-14797 affects Oracle/OpenJDK Java SE Libraries (path validation) across multiple Java versions. Connected sources indicate this vulnerability residing in the Libraries component with affected OpenJDK packages such as java-1.8.0-openjdk and related ALAS/Amazon advisories, listing path val...

CVSS 4.3 | AI score 3.7 | EPSS 0.00119

added 2018/10/17 1:0 a.m., 360 views

CVE-2018-3155

CVE-2018-3155 affects the Oracle MySQL Server (Parser) component. Affects MySQL versions 5.7.23 and earlier and 8.0.12 and earlier. Attack requires network access from low-privilege user and can cause a hang or frequently repeatable crash (DoS) of MySQL Server; CVSSv3 base score 7.7 (HIGH), vec...

CVSS 7.7 | AI score 6.1 | EPSS 0.00253

added 2019/11/28 12:27 a.m., 356 views

CVE-2019-18276

CVE-2019-18276 affects GNU Bash up to 5.0 patch 11, where disable_priv_mode in shell.c incorrectly drops privileges when UID real != effective, leaving the saved UID intact. An attacker with shell command execution can use enable -f to load a new builtin (shared object) that calls setuid(), regai...

CVSS 7.8 | AI score 7.5 | EPSS 0.50225

added 2018/10/17 1:0 a.m., 348 views

CVE-2018-3278

CVE-2018-3278 affects Oracle MySQL Server (component: Server: RBR). Affected versions: 5.6.41 and prior; 5.7.23 and prior; 8.0.12 and prior. An attacker with network access via multiple protocols and high privileges can, per the description, cause a hang or a frequently repeatable crash (DOS). Th...

CVSS 4.9 | AI score 5 | EPSS 0.00128

added 2018/10/17 1:0 a.m., 344 views

CVE-2018-3144

CVE-2018-3144 affects Oracle MySQL Server: Security: Audit. Affected are MySQL Server versions 5.7.23 and earlier and 8.0.12 and earlier. The vulnerability can be exploited remotely with network access via multiple protocols by an unauthenticated attacker to cause a hang or crash (complete DOS). ...

CVSS 5.9 | AI score 5.5 | EPSS 0.00398

added 2018/10/17 1:0 a.m., 343 views

CVE-2018-3187

CVE-2018-3187 affects Oracle MySQL Server (subcomponent: Server: Optimizer). Affected versions: 5.7.23 and earlier; 8.0.12 and earlier. An attacker with network access via multiple protocols and high privileges can cause a hang or frequently reproducible crash (DoS) and may also gain unauthorized...

CVSS 5.5 | AI score 5.5 | EPSS 0.00143

added 2018/10/17 1:0 a.m., 343 views

CVE-2018-3283

CVE-2018-3283 is mapped to Oracle MySQL Server: Logging vulnerability. Connected Red Hat entry RHSA-2018:3655 confirms affected components and notes that affected MySQL server components require a security update; remediation is provided via updated MySQL packages (e.g., for the RHSA advisory, up...

CVSS 4.4 | AI score 4.5 | EPSS 0.0041

Total number of security vulnerabilities: 169