Azure Linux 3.0 Security Update: mysql (CVE-2024-21171)
The version of mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21171 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions th...
CVE-2025-1083 Mindskip xzs-mysql 学之思开源考试系统 CORS cross-domain policy
A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely...
WhoDB allows parameter injection in DB connection URIs leading to local file inclusion
Summary The application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. Details The application uses string concatenation to build database connection URIs which are then passed to...
CVE-2025-24337
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...
CBL Mariner 2.0 Security Update: cmake / curl / mysql / rust (CVE-2024-9681)
The version of cmake / curl / mysql / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9681 advisory. - When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent...
CVE-2025-21566
A flaw was found in MySQL Server, specifically in the Optimizer component. This vulnerability allows a low-privileged attacker to cause a hang or frequently repeatable crash, meaning a complete denial of service, via network access using multiple protocols...
CVE-2025-21531
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
CVE-2025-21522
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
CVE-2025-21504
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
AZL-58383 CVE-2025-21490 affecting package mysql for versions less than 8.0.41-1
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
AZL-58431 CVE-2025-21490 affecting package mysql for versions less than 8.0.41-1
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
CVE-2025-21521
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols ...
CVE-2025-21566
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
Oracle MySQL Security Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL version 9.1.0 and prior versions. An attacker can use this vulnerability to create, delete, or modify...
Amazon Linux 2022 : mariadb105, mariadb105-backup, mariadb105-common (ALAS2022-2022-012)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-012 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high...
CVE-2012-2677 affecting package mysql for versions less than 8.0.40-4
CVE-2012-2677 affecting package mysql for versions less than 8.0.40-4. A patched version of the package is available...
CVE-2024-49759
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the "billname" parameter when creating a new bill. This vulnerability can...
CBL Mariner 2.0 Security Update: mysql (CVE-2024-2410)
The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2410 advisory. - The JsonToBinaryStream function is part of the protocol buffers C++ implementation and is used to parse JSON...
CVE-2024-2410 affecting package mysql for versions less than 8.0.40-2
CVE-2024-2410 affecting package mysql for versions less than 8.0.40-2. A patched version of the package is available...