15242 matches found
K000139405: MySQL vulnerability CVE-2023-21950
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
Arbitrary Code Injection
mysql2 is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function. This allows an attacker to inject arbitrary code into the system...
CVE-2024-21087
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in...
CVE-2024-21096
A flaw was found in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can resul...
CVE-2024-21069
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: DDL. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability ...
CVE-2024-21062
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...
CVE-2024-21054
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...
CVE-2024-21008
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...
CVE-2024-21047
A flaw was found in the MySQL Server product of Oracle MySQL component: InnoDB. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to...
CVE-2024-21009
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...
CVE-2024-20998
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
Vulnerabilities fixed in Oracle MySQL
Oracle has fixed vulnerabilities in several MySQL products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Access to sensitive data Oracle has fixed the...
CVE-2024-21056
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: DML. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability ...
CVE-2024-21055
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized...
CVE-2024-21053
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: DML. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability ...
CVE-2024-21051
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: DML. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability ...