Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0762

Summary
Assigner-certcc
Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b
Published At-02 Mar, 2011 | 19:00
Updated At-06 Aug, 2024 | 22:05
Rejected At-
Credits

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:certcc
Assigner Org ID:37e5125f-f79b-445b-8fad-9564f167944b
Published At:02 Mar, 2011 | 19:00
Updated At:06 Aug, 2024 | 22:05
Rejected At:
â–¼CVE Numbering Authority (CNA)

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html
vendor-advisory
x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=133226187115472&w=2
vendor-advisory
x_refsource_HP
http://marc.info/?l=bugtraq&m=133226187115472&w=2
vendor-advisory
x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
vendor-advisory
x_refsource_SUSE
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html
vendor-advisory
x_refsource_FEDORA
http://www.vupen.com/english/advisories/2011/0639
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0668
vdb-entry
x_refsource_VUPEN
http://www.debian.org/security/2011/dsa-2305
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/archive/1/516748/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://securityreason.com/securityalert/8109
third-party-advisory
x_refsource_SREASON
http://www.vupen.com/english/advisories/2011/0547
vdb-entry
x_refsource_VUPEN
http://www.exploit-db.com/exploits/16270
exploit
x_refsource_EXPLOIT-DB
https://exchange.xforce.ibmcloud.com/vulnerabilities/65873
vdb-entry
x_refsource_XF
http://cxib.net/stuff/vspoc232.c
x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDVSA-2011:049
vendor-advisory
x_refsource_MANDRIVA
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0713
vdb-entry
x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html
vendor-advisory
x_refsource_FEDORA
http://www.ubuntu.com/usn/USN-1098-1
vendor-advisory
x_refsource_UBUNTU
http://www.kb.cert.org/vuls/id/590604
third-party-advisory
x_refsource_CERT-VN
http://www.securitytracker.com/id?1025186
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/46617
vdb-entry
x_refsource_BID
http://securityreason.com/achievement_securityalert/95
third-party-advisory
x_refsource_SREASONRES
http://www.redhat.com/support/errata/RHSA-2011-0337.html
vendor-advisory
x_refsource_REDHAT
http://jvn.jp/en/jp/JVN37417423/index.html
third-party-advisory
x_refsource_JVN
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://marc.info/?l=bugtraq&m=133226187115472&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://marc.info/?l=bugtraq&m=133226187115472&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.vupen.com/english/advisories/2011/0639
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2011/0668
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.debian.org/security/2011/dsa-2305
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/archive/1/516748/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://securityreason.com/securityalert/8109
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.vupen.com/english/advisories/2011/0547
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.exploit-db.com/exploits/16270
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65873
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://cxib.net/stuff/vspoc232.c
Resource:
x_refsource_MISC
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:049
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2011/0713
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.ubuntu.com/usn/USN-1098-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.kb.cert.org/vuls/id/590604
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.securitytracker.com/id?1025186
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/46617
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://securityreason.com/achievement_securityalert/95
Resource:
third-party-advisory
x_refsource_SREASONRES
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0337.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://jvn.jp/en/jp/JVN37417423/index.html
Resource:
third-party-advisory
x_refsource_JVN
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://marc.info/?l=bugtraq&m=133226187115472&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://marc.info/?l=bugtraq&m=133226187115472&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.vupen.com/english/advisories/2011/0639
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2011/0668
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.debian.org/security/2011/dsa-2305
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/archive/1/516748/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://securityreason.com/securityalert/8109
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.vupen.com/english/advisories/2011/0547
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.exploit-db.com/exploits/16270
exploit
x_refsource_EXPLOIT-DB
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/65873
vdb-entry
x_refsource_XF
x_transferred
http://cxib.net/stuff/vspoc232.c
x_refsource_MISC
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:049
vendor-advisory
x_refsource_MANDRIVA
x_transferred
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2011/0713
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.ubuntu.com/usn/USN-1098-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.kb.cert.org/vuls/id/590604
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.securitytracker.com/id?1025186
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/46617
vdb-entry
x_refsource_BID
x_transferred
http://securityreason.com/achievement_securityalert/95
third-party-advisory
x_refsource_SREASONRES
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0337.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://jvn.jp/en/jp/JVN37417423/index.html
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133226187115472&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133226187115472&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0639
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0668
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2305
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/516748/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://securityreason.com/securityalert/8109
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0547
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/16270
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65873
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://cxib.net/stuff/vspoc232.c
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:049
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0713
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1098-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/590604
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.securitytracker.com/id?1025186
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/46617
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://securityreason.com/achievement_securityalert/95
Resource:
third-party-advisory
x_refsource_SREASONRES
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0337.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://jvn.jp/en/jp/JVN37417423/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cret@cert.org
Published At:02 Mar, 2011 | 20:00
Updated At:11 Apr, 2025 | 00:51

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
vsftpd_project
vsftpd_project
>>vsftpd>>Versions before 2.3.3(exclusive)
cpe:2.3:a:vsftpd_project:vsftpd:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>9.10
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>10.10
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>13
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>14
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>15
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>5.0
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>6.0
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.2
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.3
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.4
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>9
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>10
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
SUSE
suse
>>linux_enterprise_server>>10
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
SUSE
suse
>>linux_enterprise_server>>11
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelogcret@cert.org
Broken Link
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741cret@cert.org
Issue Tracking
Third Party Advisory
http://cxib.net/stuff/vspoc232.ccret@cert.org
Broken Link
http://jvn.jp/en/jp/JVN37417423/index.htmlcret@cert.org
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.htmlcret@cert.org
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.htmlcret@cert.org
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.htmlcret@cert.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlcret@cert.org
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=133226187115472&w=2cret@cert.org
Issue Tracking
Third Party Advisory
http://marc.info/?l=bugtraq&m=133226187115472&w=2cret@cert.org
Issue Tracking
Third Party Advisory
http://securityreason.com/achievement_securityalert/95cret@cert.org
Exploit
Third Party Advisory
http://securityreason.com/securityalert/8109cret@cert.org
Exploit
Third Party Advisory
http://www.debian.org/security/2011/dsa-2305cret@cert.org
Third Party Advisory
http://www.exploit-db.com/exploits/16270cret@cert.org
Exploit
Third Party Advisory
VDB Entry
http://www.kb.cert.org/vuls/id/590604cret@cert.org
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:049cret@cert.org
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0337.htmlcret@cert.org
Third Party Advisory
http://www.securityfocus.com/archive/1/516748/100/0/threadedcret@cert.org
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/46617cret@cert.org
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1025186cret@cert.org
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1098-1cret@cert.org
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0547cret@cert.org
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0639cret@cert.org
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0668cret@cert.org
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0713cret@cert.org
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65873cret@cert.org
Third Party Advisory
VDB Entry
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelogaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Third Party Advisory
http://cxib.net/stuff/vspoc232.caf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://jvn.jp/en/jp/JVN37417423/index.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=133226187115472&w=2af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Third Party Advisory
http://marc.info/?l=bugtraq&m=133226187115472&w=2af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Third Party Advisory
http://securityreason.com/achievement_securityalert/95af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
http://securityreason.com/securityalert/8109af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
http://www.debian.org/security/2011/dsa-2305af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.exploit-db.com/exploits/16270af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.kb.cert.org/vuls/id/590604af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:049af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0337.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/archive/1/516748/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/46617af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1025186af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1098-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0547af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0639af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0668af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0713af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65873af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
Source: cret@cert.org
Resource:
Broken Link
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
Source: cret@cert.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: http://cxib.net/stuff/vspoc232.c
Source: cret@cert.org
Resource:
Broken Link
Hyperlink: http://jvn.jp/en/jp/JVN37417423/index.html
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=133226187115472&w=2
Source: cret@cert.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=133226187115472&w=2
Source: cret@cert.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: http://securityreason.com/achievement_securityalert/95
Source: cret@cert.org
Resource:
Exploit
Third Party Advisory
Hyperlink: http://securityreason.com/securityalert/8109
Source: cret@cert.org
Resource:
Exploit
Third Party Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2305
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: http://www.exploit-db.com/exploits/16270
Source: cret@cert.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.kb.cert.org/vuls/id/590604
Source: cret@cert.org
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:049
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0337.html
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/516748/100/0/threaded
Source: cret@cert.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/46617
Source: cret@cert.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1025186
Source: cret@cert.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-1098-1
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0547
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0639
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0668
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0713
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65873
Source: cret@cert.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: http://cxib.net/stuff/vspoc232.c
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://jvn.jp/en/jp/JVN37417423/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=133226187115472&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=133226187115472&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: http://securityreason.com/achievement_securityalert/95
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: http://securityreason.com/securityalert/8109
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2305
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.exploit-db.com/exploits/16270
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.kb.cert.org/vuls/id/590604
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:049
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0337.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/516748/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/46617
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1025186
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-1098-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0547
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0639
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0668
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0713
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65873
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

754Records found
CVE-2020-2774
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.41% / 61.09%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Oracle CorporationFedora Project
Product-oncommand_insightfedoraactive_iq_unified_manageroncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2020-2761
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.67% / 70.78%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Oracle CorporationFedora Project
Product-oncommand_insightfedoraactive_iq_unified_manageroncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2020-2762
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.37% / 58.51%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle CorporationFedora Project
Product-ubuntu_linuxoncommand_insightfedoraactive_iq_unified_manageroncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2020-28200
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.02% / 76.88%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 12:08
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.

Action-Not Available
Vendor-n/aFedora ProjectDovecot
Product-fedoradovecotn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-2779
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.58% / 68.47%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Oracle CorporationFedora Project
Product-oncommand_insightfedoraactive_iq_unified_manageroncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2020-2660
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.41% / 61.14%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightactive_iq_unified_manageroncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2020-2679
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.41% / 61.14%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightactive_iq_unified_manageroncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2020-2759
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.30% / 52.92%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle CorporationFedora Project
Product-ubuntu_linuxoncommand_insightfedoraactive_iq_unified_manageroncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2020-25713
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 65.91%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 14:27
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.

Action-Not Available
Vendor-librdfn/aDebian GNU/LinuxFedora Project
Product-debian_linuxraptor_rdf_syntax_libraryfedoraraptor2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-2577
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.26% / 48.68%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightactive_iq_unified_manageroncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2018-5380
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.86% / 74.62%
||
7 Day CHG~0.00%
Published-19 Feb, 2018 | 13:00
Updated-17 Sep, 2024 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

Action-Not Available
Vendor-quaggaQuaggaDebian GNU/LinuxSiemens AGCanonical Ltd.
Product-ubuntu_linuxdebian_linuxquaggaruggedcom_rox_ii_firmwareruggedcom_rox_iibgpd
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-5388
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-6.5||MEDIUM
EPSS-4.30% / 88.62%
||
7 Day CHG~0.00%
Published-31 May, 2018 | 00:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

Action-Not Available
Vendor-strongswanstrongSwanCanonical Ltd.Debian GNU/Linux
Product-strongswandebian_linuxubuntu_linuxstrongSwan
CWE ID-CWE-124
Buffer Underwrite ('Buffer Underflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-0401
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.41% / 60.95%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 02:50
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aMariaDB FoundationRed Hat, Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_eusmariadbmysqlubuntu_linuxenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationdebian_linuxn/a
CVE-2018-2780
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 65.17%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxmysqlMySQL Server
CVE-2018-2819
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.47%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Red Hat, Inc.Oracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxsnapcenterdebian_linuxmariadbenterprise_linux_server_ausenterprise_linux_workstationopenstackactive_iq_unified_managerenterprise_linux_eusoncommand_workflow_automationenterprise_linux_server_tusenterprise_linux_desktopmysqloncommand_insightMySQL Server
CVE-2018-3251
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 59.34%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Microsoft CorporationOracle CorporationCanonical Ltd.
Product-ubuntu_linuxdebian_linuxmariadboncommand_insightstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-2759
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 28.64%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcentermariadbactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-2781
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.13% / 33.12%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Red Hat, Inc.Oracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxmariadboncommand_insightenterprise_linux_server_ausenterprise_linux_workstationopenstackactive_iq_unified_managerenterprise_linux_eusoncommand_workflow_automationenterprise_linux_server_tusenterprise_linux_desktopmysqlsnapcenterMySQL Server
CVE-2018-2779
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.38% / 58.97%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxmysqlMySQL Server
CVE-2018-2839
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.38% / 58.97%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightstorage_automation_storeoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-3278
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 33.77%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Microsoft CorporationNetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-2784
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 47.68%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcenterdebian_linuxmariadbactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3156
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 48.22%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Microsoft CorporationOracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcenterdebian_linuxmariadbstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqloncommand_insightMySQL Server
CVE-2018-3061
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.46% / 63.39%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenterstorage_automation_storeoncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3070
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 58.44%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenterdebian_linuxstorage_automation_storeoncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-2817
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.47%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Red Hat, Inc.Oracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxsnapcenterdebian_linuxmariadbenterprise_linux_server_ausenterprise_linux_workstationopenstackactive_iq_unified_managerenterprise_linux_eusoncommand_workflow_automationenterprise_linux_server_tusenterprise_linux_desktopmysqloncommand_insightMySQL Server
CVE-2018-3063
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 34.32%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcenterdebian_linuxmariadboncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3173
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.17% / 37.76%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcentermariadbactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-2818
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.98% / 76.42%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenterdebian_linuxstorage_automation_storeoncommand_workflow_automationoncommand_unified_managermysqloncommand_insightMySQL Server
CVE-2018-3054
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.41% / 60.82%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenterstorage_automation_storeoncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3133
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 64.05%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-snapcenterubuntu_linuxdebian_linuxmariadbactive_iq_unified_manageroncommand_workflow_automationoncommand_unified_managermysqloncommand_insightMySQL Server
CVE-2018-2810
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 28.64%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcentermariadbactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3282
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 34.13%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Red Hat, Inc.Oracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxmariadboncommand_insightenterprise_linux_workstationactive_iq_unified_manageroncommand_workflow_automationenterprise_linux_desktopmysqlsnapcenterMySQL Server
CVE-2018-3277
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.17% / 37.76%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcentermariadbactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3077
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.41% / 60.82%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenterstorage_automation_storeoncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3276
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.08% / 23.11%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Microsoft CorporationNetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-2846
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.38% / 58.97%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightstorage_automation_storeoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-3143
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 49.64%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Microsoft CorporationOracle CorporationCanonical Ltd.
Product-ubuntu_linuxdebian_linuxmariadboncommand_insightstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-3162
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.15% / 35.42%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcentermariadbactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-2782
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.88%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcenterdebian_linuxmariadbactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-2776
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.38% / 58.97%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxmysqlMySQL Server
CVE-2018-2777
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 28.64%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcentermariadbactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3155
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.7||HIGH
EPSS-0.25% / 48.28%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

Action-Not Available
Vendor-Microsoft CorporationNetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-3071
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.46% / 63.39%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenterstorage_automation_storeoncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3200
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.17% / 37.76%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcentermariadbactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2012-0578
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.64% / 70.06%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 01:30
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Action-Not Available
Vendor-n/aOracle CorporationMariaDB FoundationCanonical Ltd.
Product-mariadbmysqlubuntu_linuxn/a
CVE-2021-3634
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

Action-Not Available
Vendor-libsshn/aRed Hat, Inc.Oracle CorporationNetApp, Inc.Debian GNU/LinuxFedora Project
Product-virtualizationdebian_linuxcloud_backupfedoraenterprise_linuxlibsshmysql_workbenchlibssh
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32056
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 42.99%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 13:05
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.

Action-Not Available
Vendor-cyrusn/aFedora Project
Product-imapfedoran/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-18065
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-11.46% / 93.44%
||
7 Day CHG~0.00%
Published-08 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

Action-Not Available
Vendor-n/aDebian GNU/LinuxPalo Alto Networks, Inc.Canonical Ltd.Net-SNMPNetApp, Inc.
Product-net-snmpubuntu_linuxsolidfire_element_osdebian_linuxhyper_converged_infrastructurepan-oscloud_backupdata_ontape-series_santricity_os_controllerstoragegrid_webscalen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-16851
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-13.55% / 94.06%
||
7 Day CHG~0.00%
Published-28 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

Action-Not Available
Vendor-[UNKNOWN]Canonical Ltd.Debian GNU/LinuxSamba
Product-ubuntu_linuxdebian_linuxsambasamba
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 15
  • 16
  • Next
Details not found