971 matches found
CVE-2022-21348
CVE-2022-21348 affects Oracle MySQL Server (InnoDB) with affected versions 8.0.27 and earlier. The vulnerability allows a high-privilege attacker with network access to cause a hang or frequent crashes in MySQL Server (complete DoS) per the CVE description. Connected advisories indicate mitigatio...
CVE-2023-21933
CVE-2023-21933 affects Oracle MySQL Server (component: Server: DDL). Affected: MySQL 8.0.32 and earlier. Described as an easily exploitable vulnerability where a high-privilege attacker, through network access via multiple protocols, can cause the server to hang or crash (DoS). The F5 advisory no...
CVE-2024-20961
CVE-2024-20961 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.35 and prior, 8.2.0 and prior. Vulnerability allows a low-privilege attacker with network access via multiple protocols to cause the server to hang or crash (DoS). CVSS 3.1 base score 6.5 (Availability: High impac...
CVE-2018-3077
CVE-2018-3077 affects Oracle MySQL Server: DDL. Affected: MySQL 5.7.22 and earlier; 8.0.11 and earlier. Exploitation can cause a denial of service with high availability impact, exploitable with network access via multiple protocols and requires HIGH privileges. Root cause is in the Server: DDL h...
CVE-2018-3285
CVE-2018-3285 is a vulnerability in the MySQL Server component of Oracle MySQL (Server: Windows). Affected versions are 8.0.12 and prior. It allows a high-privileged attacker with network access via multiple protocols to cause a hang or a frequently repeating crash (complete DOS) of MySQL Server....
CVE-2021-35645
CVE-2021-35645 affects Oracle MySQL Server (Server: Optimizer). Affected versions: 8.0.26 and earlier. Vulnerability allows a high-privilege attacker with network access (via multiple protocols) to cause a hang or crash (DoS) of MySQL Server. Remediation shown in connected advisories: upgrade to ...
CVE-2022-21625
Vulnerability CVE-2022-21625 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.30 and earlier. Underlying issue in the Optimizer can allow a high-privilege attacker with network access (via multiple protocols) to cause a hang or crash (DoS) of MySQL Server. Exploitation require...
CVE-2022-21637
CVE-2022-21637 affects MySQL Server (InnoDB) with affected versions 8.0.30 and earlier. Root cause involves InnoDB vulnerability leading to a complete DOS (hang/crash) under network access with high privileges. Remediation observed in connected data shows upgrades to MySQL 8.0.32 (e.g., AlmaLinux...
CVE-2024-21005
CVE-2024-21005 affects Oracle Java SE / GraalVM Enterprise Edition (JavaFX). Affected: Oracle Java SE 8u401; GraalVM EE 20.3.13 and 21.3.9. Description notes a difficult-to-exploit vulnerability that requires network access via multiple protocols and user interaction, with potential unauthorized ...
CVE-2021-35577
CVE-2021-35577 affects Oracle MySQL Server (component: Server: Optimizer) with affected versions 8.0.26 and earlier. The vulnerability can be triggered by a high-privilege attacker who can access MySQL over the network via the MySQL protocol, potentially causing a hang or repeated crashes (DoS) o...
CVE-2021-35625
CVE-2021-35625 affects Oracle MySQL Server (component: Server: Security: Privileges) with affected versions 8.0.26 and earlier. An attacker with high privileges and network access via multiple protocols can compromise MySQL Server, resulting in unauthorized read access to a subset of data. CVSS v...
CVE-2021-35636
CVE-2021-35636 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.26 and earlier. Attackers with network access via multiple protocols can cause a hang or complete DoS on vulnerable servers (high privilege required; UI not required). Remediation: upgrade to a newer MySQL 8.0.x v...
CVE-2022-21344
CVE-2022-21344 affects Oracle MySQL Server (Server: Replication). Affected: MySQL 5.7.36 and earlier, 8.0.27 and earlier. Exploited by a high-privilege attacker with network access via multiple protocols to cause a hang or frequent crash (DoS). Remediation in public advisories recommends upgradin...
CVE-2022-21640
CVE-2022-21640 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL 8.0.30 and earlier. Description across connected documents indicates an unspecified vulnerability in the Optimizer that can enable a high-privilege attacker with network access to cause a hang or crashes (D...
CVE-2021-35623
CVE-2021-35623 affects Oracle MySQL Server (component: Server: Security: Roles) and is exploitable on affected MySQL Server versions 8.0.26 and earlier when remote access is possible via multiple protocols. The vulnerability can lead to unauthorized read access to a subset of data. The connected ...
CVE-2023-22065
CVE-2023-22065 affects Oracle MySQL Server (Server: Optimizer) with vulnerable versions 8.0.33 and earlier. Exploitation can lead to a hang or frequent crash (DoS) of MySQL Server. Remediation in connected advisories points to upgrading to a fixed release (e.g., MySQL 8.0.34+ or vendor-specific p...
CVE-2024-21087
CVE-2024-21087 affects Oracle MySQL Server (Server: Group Replication Plugin). Affected versions: 8.0.36 and prior, and 8.3.0 and prior. An attacker with network access can exploit via multiple protocols to cause a hang or a complete DOS crash. CVSS 3.1 base score 4.9 (Availability impact). Explo...
CVE-2021-35608
CVE-2021-35608 affects Oracle MySQL Server, specifically the Group Replication Plugin, with vulnerable versions 8.0.26 and prior. A low-privileged, network-accessing attacker can cause the MySQL server to hang or crash (complete DOS). Remediation observed in connected documents points to upgradin...
CVE-2021-35641
CVE-2021-35641 affects Oracle MySQL Server (component: Server: Optimizer) in 8.0.26 and earlier. A high-privileged attacker with network access via multiple protocols can cause a hang or frequent crash (DoS) of MySQL Server. Several connected advisories note fixes in later MySQL 8.0 releases (exa...
CVE-2022-21352
CVE-2022-21352 affects Oracle MySQL Server (InnoDB) with impacted versions 8.0.26 and prior. The vulnerability is described as allowing a high-privilege attacker with network access via multiple protocols to compromise MySQL Server, potentially leading to unauthorized creation, deletion, or modif...
CVE-2022-21368
CVE-2022-21368 affects Oracle MySQL Server (component: Server: Components Services) with affected versions 8.0.27 and earlier. The vulnerability enables a high-privilege attacker with network access via multiple protocols to perform unauthorized updates, inserts, deletes, and reads of MySQL data,...
CVE-2022-21316
CVE-2022-21316 affects Oracle MySQL Cluster (Cluster: General) with affected versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The vulnerability is exploitable by a high-privilege actor with logon to the infrastructure where MySQL Cluster runs, and requires user...
CVE-2022-21321
CVE-2022-21321 affects Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster products at least up to 7.6.20, 7.5.24, 7.4.34 and 8.0.27 (per NVD/CVE records). Root cause details are not provided here, but the vulnerability allows an attacker with access to the physical communication seg...
CVE-2022-21604
CVE-2022-21604 affects Oracle MySQL Server (InnoDB) up to version 8.0.30. The root cause is an InnoDB vulnerability that enables a high-privilege attacker with network access via multiple protocols to cause a hang or frequent crash (denial of service). Impact is availability loss for MySQL Server...
CVE-2024-20969
Oracle MySQL Server: CVE-2024-20969 affects 8.0.35 and older and 8.2.0 and older (Server: DDL). An attacker with network access and high privileges can cause a hang/crash (DoS) and unauthorized data updates/deletes. Upgrade to 8.0.36-1 or newer (>=8.0.36-1) to remediate where available; check ...
CVE-2024-21009
CVE-2024-21009 affects Oracle MySQL Server (Server: Optimizer). Affected are MySQL 8.0.36 and earlier and 8.3.0 and earlier. The vulnerability can be exploited by a high-privilege attacker with network access via multiple protocols to cause a hang or a frequent crash (denial of service). The CVSS...
CVE-2024-21052
CVE-2024-21052 affects Oracle MySQL Server (component: Server: DML). Affected: MySQL 8.0.34 and prior. The vulnerability could be exploited by a highly privileged attacker with network access via multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVS...
CVE-2018-3280
CVE-2018-3280 affects the MySQL Server component (Server: JSON) of Oracle MySQL. Affected products/versions: MySQL 8.0.12 and earlier. The vulnerability allows a highly privileged attacker who can access the server over multiple network protocols to cause a hang or a frequent, repeatable crash of...
CVE-2021-35646
CVE-2021-35646 affects Oracle MySQL Server (Server: Optimizer) for 8.0.26 and earlier. Exploitation leads to a denial of service (hang/crash) with network access via multiple protocols; authenticated high-privilege user required per the CVE description. Remediation is to upgrade to a newer MySQL ...
CVE-2022-21358
CVE-2022-21358 affects Oracle/MySQL Server (component: Server: Security: Encryption). Affected versions are 8.0.27 and earlier. The vulnerability can be exploited by a low-privilege attacker with network access via multiple protocols, potentially causing the MySQL Server to hang or crash (complet...
CVE-2023-21955
CVE-2023-21955 affects Oracle MySQL Server (component: Server: Partition); affected versions are 8.0.32 and earlier. It is a network-exploitable vulnerability that can allow a high-privileged attacker to cause a hang or frequent crash (DOS). CVSS v3.1 Base Score 4.9 (A: High, Availability). Publi...
CVE-2018-3075
Oracle MySQL Server (Server: Security: Privileges) is affected by CVE-2018-3075 in MySQL 8.0.11 and earlier. The vulnerability, described across IBM/IBM Guardium sources, enables a high-privilege attacker with network access via multiple protocols to compromise the MySQL Server and can result in ...
CVE-2019-13118
CVE-2019-13118 affects libxslt 1.1.33, where a too-narrow type holding grouping characters in xsl:number can pass an invalid character/length to xsltNumberFormatDecimal, causing a read of uninitialized stack data (stack overflow vulnerability). Connected Apple advisories (HT210351, HT210346, HT21...
CVE-2020-14771
CVE-2020-14771 describes an LDAP Auth access-control vulnerability in Oracle MySQL Server. Affected: MySQL Server versions 5.7.31 and earlier, 8.0.21 and earlier. The issue is exploitable by an authenticated attacker with network access via multiple protocols and can lead to partial denial of ser...
CVE-2021-35515
CVE-2021-35515 is an infinite-loop denial-of-service in Apache Commons Compress when reading a crafted 7Z archive. The issue arises during the construction of the codecs list used to decompress an entry, potentially consuming unbounded CPU and impacting services that rely on the sevenz package. C...
CVE-2022-21484
CVE-2022-21484 affects Oracle MySQL Cluster (Cluster: General) with vulnerable versions 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior, and 8.0.28 and prior. The issue allows a high-privilege attacker with access to the hardware’s physical communication segment to compromise MySQL Cluster. ...
CVE-2022-21632
CVE-2022-21632 affects Oracle MySQL Server 8.0.30 and earlier. Vulnerability in Server: Security: Privileges enables a high-privilege attacker with network access via multiple protocols to cause a hang or frequent crash (DoS). CVSS 3.1 base score 4.9 (Availability). Remediation observed in downst...
CVE-2024-21062
The CVE-2024-21062 entry corresponds to a vulnerability in Oracle MySQL Server (Server: Optimizer). The connected documentation confirms affected versions are 8.0.36 and prior and 8.3.0 and prior, with exploitation possible over the network by a high-privilege attacker, potentially causing a hang...
CVE-2018-3074
CVE-2018-3074 affects Oracle MySQL Server (Server: Security: Roles). Affected: MySQL 8.0.11 and earlier. Underlying issue: vulnerability in Roles subcomponent can allow a low-privileged, network-access attacker to cause a denial of service (hangs/crashes) in MySQL Server via multiple protocols. I...
CVE-2018-3079
CVE-2018-3079 affects the Oracle MySQL Server InnoDB component. The vulnerability exists in MySQL 8.0.11 and earlier. An authenticated, high-privilege attacker who can reach the server over network (via multiple protocols) can trigger a denial of service, causing the server to hang or crash (A: H...
CVE-2018-3084
CVE-2018-3084 affects Oracle MySQL Server (Shell: Core/Client). Affects 8.0.11 and earlier; a low-privileged user with logon can exploit to cause partial denial of service. Exploitation requires user interaction; CVSSv3 base score 2.8 (LOW). Remediation: upgrade Oracle MySQL to patched versions p...
CVE-2020-11612
Netty CVE-2020-11612 affects Netty 4.1.x before 4.1.46, where ZlibDecoders may allocate memory without bounds while decoding a ZlibEncoded stream, potentially exhausting server memory. Affected product: Netty 4.1.x (ZlibDecoders). Remediation: upgrade to Netty 4.1.46.Final or later. The documents...
CVE-2022-21330
CVE-2022-21330 affects Oracle MySQL Cluster (Cluster: General). Affected versions include 7.5.24 and earlier, 7.6.20 and earlier, and 8.0.27 and earlier. The vulnerability requires physical access to the hardware’s communication segment and user interaction from another person, with exploitation ...
CVE-2024-20981
CVE-2024-20981 affects Oracle MySQL Server (component: Server: DDL). Affected versions are 8.0.35 and earlier, and 8.2.0 and earlier. The vulnerability allows a high-privileged attacker who has network access via multiple protocols to cause the MySQL Server to hang or crash (complete DOS). The av...
CVE-2024-20985
CVE-2024-20985 concerns Oracle MySQL Server (component: Server: UDF). Affected: 8.0.35 and earlier, and 8.2.0 and earlier. Exploitation via network with low privileges can cause a hang or frequent crash (DoS). The issue is mitigated by upgrading to a newer release; sources indicate fixes are avai...
CVE-2022-21318
CVE-2022-21318 affects Oracle MySQL Cluster (Cluster: General). Affected versions are 7.6.20 and earlier, and 8.0.27 and earlier. The vulnerability is described as difficult to exploit with high-privilege attacker access to the MySQL Cluster infrastructure, potentially leading to takeover of the ...
CVE-2022-21479
CVE-2022-21479 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL 8.0.28 and earlier. The vulnerability can be exploited by an authenticated attacker over network via multiple protocols to cause a hang or crash (DOS) and may lead to read access to a subset of data. Root c...
CVE-2024-20998
CVE-2024-20998 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 8.0.36 and prior and 8.3.0 and prior. The vulnerability can be exploited over the network by a high-privileged attacker to cause a hang or crash (complete DOS). Remediation observed in published advis...
CVE-2024-21000
CVE-2024-21000 affects Oracle MySQL Server (Server: Security: Privileges). The vulnerability is present in affected MySQL Server components for versions 8.0.36 and prior, and 8.3.0 and prior. Exploitation is possible with network access via multiple protocols and requires high privileges; success...
CVE-2024-21008
CVE-2024-21008 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL Server versions 8.0.36 and prior, and 8.3.0 and prior. Attackers with network access via multiple protocols and high privileges can cause a hang or a crash (DoS). The information in connected sources corroborates the ...