Lucene search

K

37 matches found

CVE
CVE
added 2018/07/06 4:29 p.m.4912 views

CVE-2018-10892

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.

6.3CVSS5.3AI score0.00189EPSS
Web
CVE
CVE
added 2018/05/22 12:29 p.m.763 views

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store ...

5.5CVSS5.9AI score0.46737EPSS
In wildWeb
CVE
CVE
added 2018/08/09 8:29 p.m.390 views

CVE-2018-10915

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side co...

8.5CVSS7.3AI score0.01557EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.316 views

CVE-2018-2562

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...

7.5CVSS6.7AI score0.00399EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.265 views

CVE-2018-2755

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure wher...

7.7CVSS6.6AI score0.00159EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.257 views

CVE-2018-2767

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multi...

3.5CVSS3.6AI score0.00383EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.256 views

CVE-2018-2813

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to co...

4.3CVSS4.2AI score0.00269EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.254 views

CVE-2018-2668

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.8CVSS6.3AI score0.00344EPSS
CVE
CVE
added 2018/07/03 1:29 a.m.251 views

CVE-2018-10855

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...

5.9CVSS5.7AI score0.02523EPSS
CVE
CVE
added 2018/07/13 10:29 p.m.251 views

CVE-2018-10875

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

7.8CVSS7.7AI score0.00062EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.237 views

CVE-2018-2817

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to co...

6.5CVSS6AI score0.00232EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.233 views

CVE-2018-2640

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.8CVSS6.3AI score0.00449EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.229 views

CVE-2017-10268

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructur...

4.1CVSS4.2AI score0.00038EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.227 views

CVE-2018-2771

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol...

4.4CVSS5AI score0.00097EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.225 views

CVE-2018-2622

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to co...

6.8CVSS6.3AI score0.00344EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.222 views

CVE-2018-2665

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.8CVSS6.3AI score0.00449EPSS
CVE
CVE
added 2018/06/13 4:29 p.m.221 views

CVE-2018-11806

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.

8.2CVSS8.4AI score0.00055EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.219 views

CVE-2018-2819

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6AI score0.00232EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.215 views

CVE-2018-2761

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...

5.9CVSS5.6AI score0.00249EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.209 views

CVE-2017-10378

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple pro...

6.5CVSS6.2AI score0.00369EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.207 views

CVE-2017-3653

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protoco...

3.5CVSS3.4AI score0.00313EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.207 views

CVE-2018-2781

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

4.9CVSS5.4AI score0.00096EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.202 views

CVE-2017-3651

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple prot...

4.3CVSS4AI score0.00429EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.195 views

CVE-2017-3641

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

4.9CVSS4.9AI score0.00119EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.188 views

CVE-2017-10384

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to c...

6.5CVSS5.5AI score0.00472EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.186 views

CVE-2017-3636

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server execut...

5.3CVSS4.9AI score0.00063EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.175 views

CVE-2017-10379

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple proto...

6.5CVSS5.2AI score0.00347EPSS
CVE
CVE
added 2018/07/02 1:29 p.m.160 views

CVE-2018-10874

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

7.8CVSS7.8AI score0.00061EPSS
CVE
CVE
added 2018/03/05 2:29 p.m.145 views

CVE-2018-1000115

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable source...

7.5CVSS7.4AI score0.79854EPSS
Web
CVE
CVE
added 2019/06/03 7:29 p.m.122 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to ...

8CVSS7.6AI score0.00691EPSS
CVE
CVE
added 2018/04/24 6:29 p.m.116 views

CVE-2018-1059

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions be...

6.1CVSS5.8AI score0.00256EPSS
CVE
CVE
added 2018/02/19 5:29 p.m.90 views

CVE-2017-18191

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error al...

7.8CVSS7.3AI score0.01541EPSS
CVE
CVE
added 2018/09/10 7:29 p.m.78 views

CVE-2018-14635

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outsid...

6.5CVSS6.1AI score0.00404EPSS
CVE
CVE
added 2018/10/19 10:29 p.m.75 views

CVE-2018-18438

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

5.5CVSS7.1AI score0.0012EPSS
CVE
CVE
added 2018/07/31 2:29 p.m.70 views

CVE-2018-14432

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all proje...

5.3CVSS4.8AI score0.012EPSS
CVE
CVE
added 2019/03/26 6:29 p.m.70 views

CVE-2018-16856

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing...

7.5CVSS7.3AI score0.00267EPSS
CVE
CVE
added 2018/09/10 7:29 p.m.54 views

CVE-2018-14620

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container ...

9.8CVSS9.4AI score0.00131EPSS