971 matches found
CVE-2023-22066
CVE-2023-22066 affects Oracle MySQL (InnoDB) with affected versions 8.0.34 and earlier and 8.1.0. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS) of MySQL Server. Public documentation in the connected sources corroborate...
CVE-2022-21253
CVE-2022-21253 affects Oracle MySQL Server (Server: Optimizer) with the 8.0.27 and earlier versions. The vulnerability allows a high-privilege attacker who can reach the server over network protocols to cause a hang or frequent, repeatable crash (complete DoS). The connected advisories indicate r...
CVE-2018-3056
CVE-2018-3056 affects Oracle MySQL Server: Security: Privileges. Affected versions are MySQL 5.7.22 and earlier and 8.0.11 and earlier. An attacker with network access via multiple protocols can cause unauthorized read access to a subset of MySQL data. Remediation identified in connected advisori...
CVE-2021-2203
CVE-2021-2203 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL 8.0.23 and earlier. Description indicates an easily exploitable vulnerability that, with network access via multiple protocols, could allow a high-privilege attacker to cause a hang or frequent crashes of My...
CVE-2022-21254
CVE-2022-21254 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL 8.0.27 and earlier. Description in the CVE notes that a low-privilege attacker with network access via multiple protocols can cause a hang or lengthy crash of MySQL Server (DoS). Connected documents corrobo...
CVE-2022-21485
CVE-2022-21485 affects Oracle MySQL Cluster (Cluster: General). Affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior, and 8.0.28 and prior. The flaw, in the Cluster General component, allows a high-privilege attacker with access to the hardware’s physical communications segment to re...
CVE-2022-21594
CVE-2022-21594 — MySQL Server (Optimizer) Denial of Service . Affects MySQL 8.0.x up to 8.0.30 (including 8.0.30 and prior). The vulnerability resides in the Server: Optimizer component and can be exploited remotely over multiple protocols by a high-privilege attacker to cause the MySQL Server to...
CVE-2018-3144
CVE-2018-3144 affects Oracle MySQL Server: Security: Audit. Affected are MySQL Server versions 5.7.23 and earlier and 8.0.12 and earlier. The vulnerability can be exploited remotely with network access via multiple protocols by an unauthenticated attacker to cause a hang or crash (complete DOS). ...
CVE-2018-3187
CVE-2018-3187 affects Oracle MySQL Server (subcomponent: Server: Optimizer). Affected versions: 5.7.23 and earlier; 8.0.12 and earlier. An attacker with network access via multiple protocols and high privileges can cause a hang or frequently reproducible crash (DoS) and may also gain unauthorized...
CVE-2018-3283
CVE-2018-3283 is mapped to Oracle MySQL Server: Logging vulnerability. Connected Red Hat entry RHSA-2018:3655 confirms affected components and notes that affected MySQL server components require a security update; remediation is provided via updated MySQL packages (e.g., for the RHSA advisory, up...
CVE-2021-2481
CVE-2021-2481 affects Oracle MySQL Server (Server: Optimizer) on 8.0.26 and earlier. Vulnerability allows a low-privileged, network-access attacker to cause a hang or crash (DoS) via multiple protocols. A fix is available: upgrade to MySQL 8.0.30 (per AlmaLinux ALSA-2022-7119).
CVE-2021-35627
CVE-2021-35627 affects Oracle MySQL Server (Server: Optimizer) versions 8.0.26 and earlier. The vulnerability can be exploited by a high-privilege attacker who has network access via multiple protocols to cause a hang or crash (DoS) in MySQL Server. The base CVSS 3.1 score is 4.9 (Availability im...
CVE-2022-21293
CVE-2022-21293 affects Oracle Java SE (Libraries) and Oracle GraalVM Enterprise Edition as listed: Java SE 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE 20.3.4 and 21.3.0. The issue allows unauthenticated network-based exploitation via multiple protocols, potentially enabling a partial denial of serv...
CVE-2022-21367
CVE-2022-21367 affects Oracle MySQL Server (Server: Compiling) with vulnerable versions 5.7.36 and earlier, and 8.0.27 and earlier. The vulnerability can allow a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS) and may enable unauthorized update/in...
CVE-2018-3054
CVE-2018-3054 affects Oracle MySQL Server (subcomponent: Server: DDL). Affected are MySQL 5.7.22 and earlier and 8.0.11 and earlier. Exploitation can cause a high-privilege attacker to trigger a denial of service (hang/crash) in MySQL Server (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Remediation is t...
CVE-2019-2950
CVE-2019-2950 affects Oracle MySQL's MySQL Server (Server: Optimizer). Affected version: 8.0.16 and prior. The issue is a vulnerability in the Optimizer that, if exploited by a high-privilege attacker with network access via multiple protocols, can cause the MySQL Server to hang or crash (complet...
CVE-2020-14827
Summary of CVE-2020-14827 : A vulnerability in Oracle MySQL Server (Server: Security: LDAP Auth) affects MySQL 5.7.x up to 5.7.31 and MySQL 8.0.x up to 8.0.21. An attacker with low privileges who can reach the server over multiple network protocols can exploit this to gain unauthorized access to ...
CVE-2020-2593
CVE-2020-2593 affects multiple OpenJDK/JRE components across the Java SE/Embedded stack (Networking, Security, Serialization, 2D, JAXP, Libraries, etc.). Connected advisories enumerate affected versions including Java SE 7u231/7u241, 8u221/8u231, 11.0.4/11.0.5, and 13.0.1, with OpenJDK builds for...
CVE-2021-35622
CVE-2021-35622 affects Oracle MySQL Server (Server: Security: Encryption) and is exploitable over the network on affected builds. Affected: MySQL 8.0.26 and earlier. Impact: attacker with high privileges can cause a hang or a complete DoS of MySQL Server (Availability impact). Connected documents...
CVE-2022-21256
CVE-2022-21256 affects Oracle MySQL Server, specifically the Group Replication Plugin. Affected: MySQL Server versions 8.0.27 and earlier. Exploitation requires high privileges over the network via multiple protocols and can cause the server to hang or crash (complete DoS). Remediation: upgrade t...
CVE-2022-21270
CVE-2022-21270 pertains to MySQL Server (Oracle MySQL), specifically the Federated server component. Affected are MySQL Server versions 5.7.36 and earlier, and 8.0.27 and earlier. The vulnerability enables a high-privilege attacker who can access the server over multiple network protocols to caus...
CVE-2024-21102
CVE-2024-21102 affects Oracle MySQL Server (component: Server: Thread Pooling). Affected versions are 8.0.36 and earlier, and 8.3.0 and earlier. The description states an easily exploitable vulnerability that, with network access via multiple protocols and a high-privilege attacker, can lead to a...
CVE-2018-3065
CVE-2018-3065 affects Oracle MySQL Server (Server: DML) prior to 5.7.23/8.0.x with 5.7.22 and 8.0.11 as affected baselines. It is exploitable by a low-privilege, network-accessible attacker via multiple protocols, and can cause a hang or crash (DoS) of MySQL Server. Remediation per sources points...
CVE-2022-21324
CVE-2022-21324 affects Oracle MySQL Cluster (Cluster: General). Affected versions include 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The issue is described as a buffer-related vulnerability that could allow an attacker with access to the hardware’s physical commun...
CVE-2022-21412
CVE-2022-21412 involves Oracle MySQL Server (component: Server: Optimizer) with affected versions 8.0.28 and earlier. An attacker with network access and high privileges can cause the server to hang or crash (complete DOS). Public advisories confirm fixes in subsequent MySQL releases across distr...
CVE-2024-21002
CVE-2024-21002 affects Oracle Java SE (JavaFX) and Oracle GraalVM Enterprise Edition. Affected: Oracle Java SE 8u401; Oracle GraalVM Enterprise Edition 20.3.13 and 21.3.9. Exploitation requires user interaction; an unauthenticated attacker with login could indirectly impact data via updates/inser...
CVE-2024-21003
CVE-2024-21003 affects Oracle Java SE (JavaFX) and Oracle GraalVM Enterprise Edition. Affected: Oracle Java SE 8u401; GraalVM EE 20.3.13 and 21.3.9. Attack requires network access and user interaction; exploitation is difficult. Remediation is to apply the corresponding vendor fixes: Azul Zulu Op...
CVE-2021-22884
CVE-2021-22884 affects Node.js runtimes prior to 10.24.0, 12.21.0, 14.16.0 and 15.10.0, where the DNS rebinding protection can be bypassed due to a whitelist entry for “localhost6”. If an attacker controls or spoofs the victim’s DNS responses, they can exploit the DNS rebinding weakness to connec...
CVE-2022-21374
CVE-2022-21374 affects Oracle MySQL Server (component: Server: Information Schema). Connected sources indicate the root cause is an input validation error in the Server: Optimizer, enabling remote exploitation that could corrupt or delete data. Affected versions include 8.0.27 and earlier; remedi...
CVE-2022-21455
CVE-2022-21455 affects Oracle MySQL Server PAM Auth Plugin in MySQL 8.0.28 and earlier. The vulnerability enables a high-privilege attacker with network access (via multiple protocols) to compromise MySQL Server, potentially allowing unauthorized creation, deletion, or modification of critical da...
CVE-2022-21608
CVE-2022-21608 affects Oracle MySQL Server, specifically the Server: Optimizer component. Affected: MySQL 5.7.39 and earlier and 8.0.30 and earlier. Attack could be executed remotely with high privileges over multiple protocols, potentially causing the server to hang or crash (DoS). Public detail...
CVE-2021-35632
CVE-2021-35632 affects Oracle MySQL Server (Server: Data Dictionary). Affected: MySQL 8.0.26 and earlier. Description from the CVE notes an easily exploitable, local-privilege path that can cause a hang or complete DoS of MySQL Server. Connected documents corroborate that this CVE lies in the Dat...
CVE-2021-35637
CVE-2021-35637 affects Oracle MySQL Server (Server: PS) with affected versions 8.0.26 and earlier. The vulnerability is exploitable by a highly privileged attacker with network access via multiple protocols and can cause a hang or crash (DoS) of MySQL Server. Reported CVSS 3.1 base score is 4.9. ...
CVE-2022-21282
CVE-2022-21282 is a combined Java/Oracle Java SE/GraalVM issue reported across multiple advisories. The connected documents identify assorted affected components and versions, notably: Serialization , JAXP , Libraries , Hotspot , and ImageIO within Oracle Java SE and GraalVM Enterprise Edition. A...
CVE-2022-21302
CVE-2022-21302 affects MySQL Server (InnoDB) with affected version range 8.0.27 and earlier. The advisory indicates a low-privilege network-access vulnerability in InnoDB that can cause a hang or repeated crash (potential DOS). Observed mitigation in connected docs points to upgrading MySQL to 8....
CVE-2022-21434
CVE-2022-21434 affects Oracle Java SE and GraalVM Enterprise Edition. Connected advisories list multiple vulnerable components and affected versions: Oracle Java SE libraries and JAXP, as well as GraalVM EE components (Libraries, JAXP, Hotspot, 2D, ImageIO, etc.). Exploitation is described as net...
CVE-2021-35628
CVE-2021-35628 affects Oracle MySQL Server (Server: Optimizer) in versions 8.0.26 and earlier. A high-privilege attacker with network access via multiple protocols can cause the MySQL Server to hang or crash (DoS). The issue is associated with the Server: Optimizer component and is publicly catal...
CVE-2021-35631
The CVE-2021-35631 entry applies to Oracle MySQL Server (Server: GIS) with affected versions 8.0.26 and earlier. It describes a high-privilege attacker who can gain network access via multiple protocols to cause the MySQL server to hang or crash (complete DoS). The risk is supported by CVSS 3.1 v...
CVE-2022-21279
CVE-2022-21279 affects Oracle MySQL Cluster (Cluster: General) with vulnerable MySQL NDB Cluster components. Impacted versions include 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The vulnerability is described in sources as an input validation error (and related re...
CVE-2022-21425
The CVE-2022-21425 issue affects Oracle MySQL Server (component: Server: DDL) with affected versions 8.0.28 and older. The vulnerability enables a high-privilege attacker who can reach MySQL Server over the network via multiple protocols to cause a hang or crash (denial of service) and potentiall...
CVE-2022-21617
CVE-2022-21617 affects Oracle MySQL Server, specifically the Server: Connection Handling component. Affected versions are MySQL 5.7.39 and earlier and 8.0.30 and earlier. An attacker with network access via multiple protocols and high privileges can cause a hang or frequent, repeatable crashes (d...
CVE-2024-20977
CVE-2024-20977 affects MySQL Server (Oracle MySQL), specifically the Server: Optimizer (and related Server components) with vulnerable versions 8.0.35 and earlier and 8.2.0 and earlier. The issue is exploitable over the network by a low-privileged attacker via multiple protocols, potentially caus...
CVE-2020-14869
CVE-2020-14869 affects Oracle MySQL Server, specifically the LDAP Authentication path in the Server component. Affects MySQL 5.7.x up to 5.7.31 and earlier, and 8.0.x up to 8.0.21 and earlier. An attacker with network access can exploit via multiple protocols to cause a hang or a frequently repea...
CVE-2021-35634
CVE-2021-35634 affects Oracle MySQL Server (Server: Optimizer) and is listed as affected in 8.0.26 and earlier. The vulnerability can allow a high-privilege attacker with network access via multiple protocols to cause a hang or complete DoS (A: high). Connected advisories indicate remediation by ...
CVE-2021-35638
CVE-2021-35638 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.26 and earlier. Exploitation by a high-privilege attacker with network access via multiple protocols can cause a hang or crash (DoS). Remediation in linked advisories shows upgrades to newer builds (e.g., MySQL 8....
CVE-2021-3629
CVE-2021-3629 affects Undertow. The vulnerability is a flow-control handling issue over HTTP/2 that may cause overhead or a denial of service, impacting availability. Affected versions are Undertow prior to 2.0.40.Final and prior to 2.2.11.Final. Remediation: upgrade to Undertow 2.0.40.Final or 2...
CVE-2022-21264
CVE-2022-21264 affects Oracle MySQL Server, specifically the Server: Optimizer, with vulnerable versions 8.0.27 and prior. The issue enables a high-privilege attacker with network access (via multiple protocols) to cause a hang or frequent, repeatable crash (complete DoS) of MySQL Server. Affecte...
CVE-2022-21351
CVE-2022-21351 affects Oracle MySQL Server (Server: Optimizer). Affected versions: 8.0.27 and prior. Root cause: input validation error in the Server: Optimizer component. Impact: can allow a low-privileged attacker with network access to cause a hang or a frequent crash (DoS) and unauthorized up...
CVE-2022-21370
CVE-2022-21370 affects Oracle MySQL Server (Server: Optimizer) with vulnerable versions up to 8.0.27. Root cause cited as an input validation/optimizer issue that could enable a high-privilege, network-remote attacker to cause a hang or complete DOS of MySQL Server. Public references show fixes i...
CVE-2023-22059
This CVE (CVE-2023-22059) affects Oracle MySQL Server, specifically the Server: Optimizer component. The vulnerability is present in MySQL 8.0.34 and earlier and in 8.1.0, with a low-privilege, network-access attacker able to exploit via multiple protocols to cause a hang or frequently repeated c...