37 matches found
CVE-2018-10892
CVE-2018-10892 : In Docker/Moby, the default OCI Linux spec (oci/defaults_linux.go) from 1.11 to current does not block /proc/acpi pathnames. This allows a container to affect host hardware state (e.g., enabling/disabling Bluetooth, changing keyboard brightness) by targeting /proc/acpi, represent...
CVE-2018-3639
CVE-2018-3639 is a speculative execution side‑channel vulnerability (SSB) that can leak memory via speculative stores. The Connected ALMA doc notes a mitigation: SSB is disabled by the new alt-java launcher, reducing impact at the cost of performance, and it references OpenJDK 8u282 as part of th...
CVE-2018-10915
CVE-2018-10915 affects libpq: the PostgreSQL client library may fail to reset internal state between connections, enabling untrusted host/hostaddr parameters to bypass client-side security and potentially enable access to higher-privilege connections or related SQL-injection impacts via PQescape(...
CVE-2018-2562
CVE-2018-2562 affects the MySQL Server component (Partition subcomponent) of Oracle MySQL. Affected versions include 5.5.58 and earlier, 5.6.38 and earlier, and 5.7.19 and earlier. The vulnerability allows a low-privileged, network-attacker with access via multiple protocols to cause a hang or cr...
CVE-2018-2767
CVE-2018-2767 affects Oracle MySQL Server (subcomponent: Server: Security: Encryption). Affected are MySQL Server versions 5.5.60 and earlier, 5.6.40 and earlier, and 5.7.22 and earlier. The vulnerability allows a low-privilege attacker who can reach the server over multiple network protocols to ...
CVE-2018-2755
CVE-2018-2755 affects Oracle MySQL Server (Server: Replication) and is present in supported MySQL/MariaDB branches up to specific prior versions: 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The issue allows takeover of MySQL Server and requires logon with user interaction; imp...
CVE-2018-2668
CVE-2018-2668 affects the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Affected: 5.5.58 and earlier; 5.6.38 and earlier; 5.7.20 and earlier. Description across sources: a low-privilege, network-accessible attacker can exploit via multiple protocols to cause a hang or ...
CVE-2018-2813
CVE-2018-2813 is reported in the F5 AWS advisory as a MySQL Server (subcomponent: Server: DDL) vulnerability. Affected are Oracle MySQL/MariaDB lineage versions 5.5.59 and prior, 5.6.39 and prior, and 5.7.21 and prior. The issue: a low-privileged attacker with network access can compromise MySQL ...
CVE-2018-10875
CVE-2018-10875 affects Ansible where ansible.cfg is read from the current working directory, allowing an attacker to influence the plugin/module path and potentially execute arbitrary code. The issue arises because the CWD can be manipulated to point to controlled code. Red Hat/Ubuntu/openSUSE ad...
CVE-2018-10855
CVE-2018-10855 affects Ansible: versions 2.5 prior to 2.5.5 and 2.4 prior to 2.4.5 do not honor the no_log flag for failed tasks, which can cause sensitive data passed to a task to be exposed in logs and on the user’s terminal when the task fails. Red Hat advisories (RHSA-2018:1948, RHSA-2019:005...
CVE-2018-2640
The CVE refers to CVE-2018-2640 in the MySQL/MariaDB family: the vulnerability is in the MySQL Server component (Server: Optimizer) and affects multiple supported branches (5.5.x, 5.6.x, 5.7.x) with ability for a network‑accessible, low‑privileged attacker to cause a hang or crash (DOS). Public a...
CVE-2018-2817
CVE-2018-2817 affects the MySQL/MariaDB server stack (MySQL Server component; subcomponents such as DDL/InnoDB/Optimizer) across multiple product lines. Affected versions include MySQL/MariaDB releases prior to upstream fixes (e.g., 5.5.x, 5.6.x, 5.7.x families as cited in the documents). Impact ...
CVE-2017-10268
CVE-2017-10268 affects Oracle MySQL Server (Server: Replication) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability allows a high-privilege attacker with logon to the infrastructure where MySQL Server executes to compromise the server, potenti...
CVE-2018-2622
CVE-2018-2622 affects MySQL Server (Server: DDL) with affected versions 5.5.58 and earlier, 5.6.38 and earlier, and 5.7.20 and earlier. It allows a network-based attacker with low privileges to cause a hang or complete denial-of-service. Multiple connected advisories (ALAS-2018-969, CentOS/CESA-2...
CVE-2018-2665
CVE-2018-2665 affects Oracle MySQL Server (Server: Optimizer). Affected releases include MySQL 5.5.58 and older, 5.6.38 and older, and 5.7.20 and older. The vulnerability is exploitable by a low-privileged attacker who can access the server over the network, and can lead to an unauthorized hang o...
CVE-2018-2771
CVE-2018-2771 affects the MySQL Server component (subcomponent: Server: Locking) across Oracle MySQL releases. Affected series include 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The vulnerability is described as difficult to exploit but can allow a high-privilege attacker wit...
CVE-2018-11806
CVE-2018-11806 affects QEMU where the SLiRP networking back-end (mbuf.c) can perform a heap-based buffer overflow when reassembling fragmented datagrams. The described impact in the connected documents includes a potential host compromise via arbitrary code execution or denial of service due to a...
CVE-2018-2819
CVE-2018-2819 affects the MySQL Server component (InnoDB) of Oracle MySQL. Affected versions are 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The vulnerability enables a low-privileged attacker with network access via multiple protocols to cause a hang or a frequent crash (comp...
CVE-2018-2761
CVE-2018-2761 affects the MySQL Server component (Client programs) of Oracle MySQL. Affected ranges are 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. It enables an unauthenticated, network-accessible attacker to cause the MySQL Server to hang or crash (partial DOS). The descript...
CVE-2017-10378
CVE-2017-10378 affects the MySQL Server component (Server: Optimizer) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.11 and earlier. The vulnerability is exploitable remotely over multiple protocols by a low-privilege user and can cause the MySQL Server to hang or crash (D...
CVE-2018-2781
CVE-2018-2781 is a vulnerability in the MySQL Server component (subcomponent: Server: Optimizer). Affected versions are 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The fixed text indicates an easily exploitable issue that allows a high-privileged attacker with network access v...
CVE-2017-3651
CVE-2017-3651 affects Oracle MySQL Server’s Client mysqldump component. Affected releases include 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. The issue is described in multiple advisories as a vulnerability that enables a low-privileged, network-accessing attacker to perform u...
CVE-2017-3653
CVE-2017-3653 affects the MySQL Server component (subcomponent: Server: DDL) in Oracle MySQL. Affected: MySQL Server versions 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. Description in connected advisories confirms the vulnerability is exploitable with network access via multi...
CVE-2017-3641
CVE-2017-3641 details (normal mode) : A vulnerability in the MySQL Server component (subcomponent: Server: DML) affecting MariaDB/MySQL Server. Affected versions include 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. The issue is described as exploitable by a high-privilege attac...
CVE-2017-10384
CVE-2017-10384 affects the MySQL Server component (Server: DDL) of Oracle MySQL. Affected versions include 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. An attacker with network access via multiple protocols and low privileges can cause a hang or a complete denial of service in ...
CVE-2017-3636
CVE-2017-3636 affects the MySQL/MariaDB stack (MySQL Server component, subcomponent: Client programs). Public details in connected documents confirm affected versions include 5.5.56 and earlier and 5.6.36 and earlier (as per initial). The vulnerability is exploitable with low privileges and local...
CVE-2017-10379
CVE-2017-10379 concerns the MySQL Server client-side component of Oracle MySQL. Affected versions are 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, potentially leading to ...
CVE-2018-10874
CVE-2018-10874 affects Ansible. The issue arises when inventory variables are loaded from the current working directory during ad-hoc commands, which attackers can control, enabling arbitrary code execution (local attacker could compromise the target via manipulated inventory vars). The NVD entry...
CVE-2018-1000115
CVE-2018-1000115 – Memcached UDP amplification vulnerability. Memcached 1.5.5 contains an Insufficient Control of Network Message Volume (CWE-406) in UDP support, enabling a remote attacker to perform a denial-of-service via UDP traffic to port 11211 (amplification ~1:50,000). The issue is mitiga...
CVE-2019-3895
CVE-2019-3895 describes an access-control flaw in the OpenStack Octavia service when deployed with Red Hat OpenStack Platform Director. The issue lets an attacker cause new amphorae to run from an arbitrary image; a remote attacker could upload a compromised amphora image and Octavia could spawn ...
CVE-2018-1059
The CVE concerns the DPDK vhost-user interface, where Guest Physical Addresses to Host Virtual Addresses translations do not verify that the requested guest physical range is fully mapped and contiguous. This can expose vhost-user backend memory to a malicious guest. The vulnerability affects all...
CVE-2017-18191
CVE-2017-18191 - OpenStack Nova: In OpenStack Nova 15.x (up to 15.1.0) and 16.x (up to 16.1.1), detaching and reattaching an encrypted volume can allow an attacker to access the underlying raw volume and corrupt the LUKS header, causing a denial of service on the compute host (data loss is noted ...
CVE-2018-14635
The CVE-2018-14635 vulnerability affects OpenStack Neutron’s ml2 Linux Bridge driver. The issue allows non-privileged tenants to create and attach ports without assigning an IP address, bypassing IP address validation. This can lead to a potential denial of service if an IP outside the allowed al...
CVE-2018-18438
CVE-2018-18438 affects QEMU and is caused by integer overflows due to using a signed integer for a size value in IOReadHandler and related functions. The vulnerability is rooted in QEMU’s IO read path, where a size parameter can overflow, enabling an overflow condition. The CVE entry itself lists...
CVE-2018-14432
Summary of CVE-2018-14432 (OpenStack Keystone federation) : An authenticated GET to /v3/OS-FEDERATION/projects could bypass access controls and disclose all projects and their attributes when Keystone’s /v3/OS-FEDERATION endpoint is enabled via policy.json. Affected releases include OpenStack Key...
CVE-2018-16856
CVE-2018-16856 affects the OpenStack Load Balancing service (openstack-octavia) in Red Hat OpenStack Platform Director installations. In affected builds, openstack-octavia before versions 2.0.2-5 and 3.0.1-0.20181009115732 creates log files readable by all users, allowing sensitive data such as p...
CVE-2018-14620
CVE-2018-14620 affects openstack-rabbitmq-container and openstack-containers shipped with Red Hat OpenStack Platform 12–14. Root cause: the rabbitmq_clusterer component is fetched over HTTP during docker build without integrity validation, enabling an attacker to inject malicious code into the im...