Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-1968

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-31 Jul, 2013 | 10:00
Updated At-06 Aug, 2024 | 15:20
Rejected At-
Credits

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:31 Jul, 2013 | 10:00
Updated At:06 Aug, 2024 | 15:20
Rejected At:
▼CVE Numbering Authority (CNA)

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E
mailing-list
x_refsource_MLIST
http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E
mailing-list
x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2014-0255.html
vendor-advisory
x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1893-1
vendor-advisory
x_refsource_UBUNTU
https://subversion.apache.org/security/CVE-2013-1968-advisory.txt
x_refsource_CONFIRM
http://www.debian.org/security/2013/dsa-2703
vendor-advisory
x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986
vdb-entry
signature
x_refsource_OVAL
http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html
vendor-advisory
x_refsource_SUSE
Hyperlink: http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0255.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.ubuntu.com/usn/USN-1893-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://subversion.apache.org/security/CVE-2013-1968-advisory.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2013/dsa-2703
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E
mailing-list
x_refsource_MLIST
x_transferred
http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E
mailing-list
x_refsource_MLIST
x_transferred
http://rhn.redhat.com/errata/RHSA-2014-0255.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.ubuntu.com/usn/USN-1893-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://subversion.apache.org/security/CVE-2013-1968-advisory.txt
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2013/dsa-2703
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0255.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1893-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://subversion.apache.org/security/CVE-2013-1968-advisory.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2013/dsa-2703
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:31 Jul, 2013 | 13:20
Updated At:11 Apr, 2025 | 00:51

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.5MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:P
Type: Primary
Version: 2.0
Base score: 5.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:P
CPE Matches
The Apache Software Foundation
apache
>>subversion>>Versions up to 1.6.21(inclusive)
cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.0
cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.1
cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.2
cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.3
cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.4
cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.5
cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.6
cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.7
cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.8
cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.9
cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.10
cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.11
cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.12
cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.13
cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.14
cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.15
cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.16
cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.17
cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.18
cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.19
cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.6.20
cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*
collabnet
collabnet
>>subversion>>1.6.17
cpe:2.3:a:collabnet:subversion:1.6.17:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.7.0
cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.7.1
cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.7.2
cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.7.3
cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.7.4
cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.7.5
cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.7.6
cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.7.7
cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.7.8
cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>subversion>>1.7.9
cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>13.04
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.4
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.htmlsecalert@redhat.com
N/A
http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3Esecalert@redhat.com
N/A
http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3Esecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2014-0255.htmlsecalert@redhat.com
N/A
http://www.debian.org/security/2013/dsa-2703secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-1893-1secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986secalert@redhat.com
N/A
https://subversion.apache.org/security/CVE-2013-1968-advisory.txtsecalert@redhat.com
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2014-0255.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2013/dsa-2703af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1893-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986af854a3a-2127-422b-91ae-364da2661108
N/A
https://subversion.apache.org/security/CVE-2013-1968-advisory.txtaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0255.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2013/dsa-2703
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1893-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://subversion.apache.org/security/CVE-2013-1968-advisory.txt
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0255.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2013/dsa-2703
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1893-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18986
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://subversion.apache.org/security/CVE-2013-1968-advisory.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

29Records found
CVE-2020-17533
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-8.1||HIGH
EPSS-5.31% / 89.65%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 11:30
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Accumulo Improper Handling of Insufficient Permissions

Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and 'canPerformSystemActions' security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties.

Action-Not Available
Vendor-The Apache Software Foundation
Product-accumuloApache Accumulo
CWE ID-CWE-252
Unchecked Return Value
CVE-2019-2991
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 65.95%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle CorporationFedora Project
Product-ubuntu_linuxsnapcenterfedoraactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2019-3880
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.2||MEDIUM
EPSS-2.95% / 85.91%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 15:18
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Action-Not Available
Vendor-Debian GNU/LinuxopenSUSESambaFedora ProjectRed Hat, Inc.
Product-debian_linuxsambaenterprise_linuxfedoragluster_storageleapsamba
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-2778
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.4||MEDIUM
EPSS-0.54% / 66.52%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 22:31
Updated-01 Oct, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).

Action-Not Available
Vendor-Oracle CorporationFedora ProjectRed Hat, Inc.Canonical Ltd.
Product-ubuntu_linuxsoftware_collectionsenterprise_linux_server_ausenterprise_linuxfedoraenterprise_linux_eusenterprise_linux_server_tusmysqlMySQL Server
CVE-2019-2758
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 36.06%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 22:31
Updated-01 Oct, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-MariaDB FoundationOracle CorporationCanonical Ltd.
Product-ubuntu_linuxmysqlmariadbMySQL Server
CVE-2019-2819
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.33% / 55.36%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 22:31
Updated-01 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-Oracle CorporationRed Hat, Inc.Canonical Ltd.
Product-ubuntu_linuxsoftware_collectionsenterprise_linux_server_ausenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusmysqlMySQL Server
CVE-2019-17358
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.42% / 84.50%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 13:53
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.

Action-Not Available
Vendor-n/aDebian GNU/LinuxopenSUSEThe Cacti Group, Inc.
Product-cactidebian_linuxleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-16777
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.29% / 51.78%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 01:00
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Overwrite in npm CLI

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

Action-Not Available
Vendor-npmjsnpmopenSUSERed Hat, Inc.Fedora ProjectOracle Corporation
Product-graalvmenterprise_linuxfedoraenterprise_linux_eusnpmleapcli
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-0214
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-1.74% / 81.74%
||
7 Day CHG~0.00%
Published-30 Apr, 2019 | 21:48
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.

Action-Not Available
Vendor-The Apache Software Foundation
Product-archivaApache Archiva
CVE-2019-0226
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-4.9||MEDIUM
EPSS-1.62% / 81.04%
||
7 Day CHG~0.00%
Published-09 May, 2019 | 13:31
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf 4.2.5 or later.

Action-Not Available
Vendor-The Apache Software Foundation
Product-karafKaraf
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-2812
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.46% / 63.33%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightstorage_automation_storeoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-2787
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 25.48%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-MariaDB FoundationOracle CorporationCanonical Ltd.
Product-ubuntu_linuxmysqlmariadbMySQL Server
CVE-2018-3187
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.39% / 59.26%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-Microsoft CorporationNetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-3060
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.29%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcentermariadbstorage_automation_storeoncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3064
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.30% / 52.63%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxdebian_linuxmariadboncommand_insightstorage_automation_storeoncommand_workflow_automationmysqlsnapcenterMySQL Server
CVE-2020-2760
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.03%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Fedora ProjectopenSUSEOracle CorporationCanonical Ltd.
Product-snapcenterubuntu_linuxmariadbfedoraactive_iq_unified_managerleaponcommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3185
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.22%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Microsoft CorporationOracle CorporationCanonical Ltd.
Product-ubuntu_linuxmariadboncommand_insightstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-2786
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 29.04%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-MariaDB FoundationOracle CorporationCanonical Ltd.
Product-ubuntu_linuxmysqlmariadbMySQL Server
CVE-2018-1288
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.4||MEDIUM
EPSS-0.93% / 75.18%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software FoundationOracle Corporation
Product-jboss_middleware_text-only_advisoriesprimavera_p6_enterprise_project_portfolio_managementdatabasekafkatimesten_in-memory_databaseApache Kafka
CVE-2018-12467
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6||MEDIUM
EPSS-0.11% / 30.22%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 15:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
delete package via link exploit in open buildservice

Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.

Action-Not Available
Vendor-openSUSE
Product-open_build_serviceopenbuildservice
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12466
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-4.4||MEDIUM
EPSS-0.18% / 39.35%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 15:00
Updated-17 Sep, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
openbuildservice allowed deleting packages via project links

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.

Action-Not Available
Vendor-openSUSE
Product-open_build_serviceopenbuildservice
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-10861
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-0.82% / 73.39%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

Action-Not Available
Vendor-cephDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-ceph_storageenterprise_linux_serverdebian_linuxenterprise_linux_workstationceph_storage_monceph_storage_osdenterprise_linux_desktopcephleapceph
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2019-0213
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 68.83%
||
7 Day CHG-0.12%
Published-30 Apr, 2019 | 21:35
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.

Action-Not Available
Vendor-The Apache Software Foundation
Product-archivaApache Archiva
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-15193
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.21% / 44.04%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 18:40
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory corruption in Tensorflow

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast` Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.

Action-Not Available
Vendor-Google LLCopenSUSETensorFlow
Product-tensorflowleaptensorflow
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-14643
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.38% / 58.78%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenteractive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2020-14651
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.38% / 58.78%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenteractive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2020-11038
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.18% / 40.33%
||
7 Day CHG~0.00%
Published-29 May, 2020 | 00:00
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow to Buffer Overflow in FreeRDP

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.

Action-Not Available
Vendor-openSUSEFreeRDPDebian GNU/Linux
Product-freerdpdebian_linuxleapFreeRDP
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-3247
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.47% / 63.79%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Action-Not Available
Vendor-Microsoft CorporationNetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2015-1856
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.87% / 74.27%
||
7 Day CHG~0.00%
Published-17 Apr, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

Action-Not Available
Vendor-n/aOpenStackCanonical Ltd.
Product-ubuntu_linuxswiftn/a
Details not found