Total
113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3074 | 2 Netapp, Oracle | 5 Oncommand Insight, Oncommand Workflow Automation, Snapcenter and 2 more | 2019-10-02 | 3.5 LOW | 5.3 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-3073 | 2 Netapp, Oracle | 5 Oncommand Insight, Oncommand Workflow Automation, Snapcenter and 2 more | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-3071 | 3 Canonical, Netapp, Oracle | 6 Ubuntu Linux, Oncommand Insight, Oncommand Workflow Automation and 3 more | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-3070 | 4 Canonical, Debian, Netapp and 1 more | 7 Ubuntu Linux, Debian Linux, Oncommand Insight and 4 more | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-3067 | 2 Netapp, Oracle | 5 Oncommand Insight, Oncommand Workflow Automation, Snapcenter and 2 more | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-3065 | 3 Canonical, Netapp, Oracle | 6 Ubuntu Linux, Oncommand Insight, Oncommand Workflow Automation and 3 more | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-3062 | 3 Canonical, Netapp, Oracle | 6 Ubuntu Linux, Oncommand Insight, Oncommand Workflow Automation and 3 more | 2019-10-02 | 3.5 LOW | 5.3 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-3061 | 3 Canonical, Netapp, Oracle | 6 Ubuntu Linux, Oncommand Insight, Oncommand Workflow Automation and 3 more | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-3056 | 3 Canonical, Netapp, Oracle | 6 Ubuntu Linux, Oncommand Insight, Oncommand Workflow Automation and 3 more | 2019-10-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2018-3054 | 3 Canonical, Netapp, Oracle | 6 Ubuntu Linux, Oncommand Insight, Oncommand Workflow Automation and 3 more | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-2846 | 3 Canonical, Netapp, Oracle | 7 Ubuntu Linux, Oncommand Insight, Oncommand Unified Manager and 4 more | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-2818 | 4 Canonical, Debian, Netapp and 1 more | 8 Ubuntu Linux, Debian Linux, Oncommand Insight and 5 more | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-2816 | 3 Canonical, Netapp, Oracle | 7 Ubuntu Linux, Oncommand Insight, Oncommand Unified Manager and 4 more | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-2812 | 3 Canonical, Netapp, Oracle | 7 Ubuntu Linux, Oncommand Insight, Oncommand Unified Manager and 4 more | 2019-10-02 | 5.5 MEDIUM | 5.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||||
| CVE-2018-10546 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. | |||||
| CVE-2018-17082 | 3 Debian, Netapp, Php | 3 Debian Linux, Storage Automation Store, Php | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | |||||
| CVE-2017-16642 | 4 Canonical, Debian, Netapp and 1 more | 5 Ubuntu Linux, Debian Linux, Clustered Data Ontap and 2 more | 2019-08-19 | 5.0 MEDIUM | 7.5 HIGH |
| In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. | |||||
| CVE-2018-14884 | 2 Netapp, Php | 2 Storage Automation Store, Php | 2019-08-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call. | |||||
| CVE-2018-10547 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | |||||
| CVE-2018-14851 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. | |||||