971 matches found
CVE-2016-0762
CVE-2016-0762 affects Apache Tomcat realms across multiple branches (Tomcat 9.0.x, 8.5.x, 8.0.x, 7.0.x, 6.0.x). The root cause: Realm implementations did not process the supplied password when the username did not exist, enabling a timing attack to determine valid usernames. The default LockOutRe...
CVE-2017-10379
CVE-2017-10379 concerns the MySQL Server client-side component of Oracle MySQL. Affected versions are 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, potentially leading to ...
CVE-2018-3070
CVE-2018-3070 affects Oracle MySQL Server (MySQL client mysqldump component). Affected versions are 5.5.60 and earlier, 5.6.40 and earlier, and 5.7.22 and earlier. The vulnerability is described as easily exploitable, requiring network access via multiple protocols, and can allow a low-privileged...
CVE-2023-22053
CVE-2023-22053 affects Oracle MySQL: vulnerability in the MySQL Client programs that can allow a low-privilege attacker with network access to cause a hang/complete DoS and unauthorized read of a subset of data. Affected releases include MySQL 5.7.42 and earlier and 8.0.33 and earlier. Connected ...
CVE-2022-21489
CVE-2022-21489 affects Oracle MySQL Cluster, specifically the Cluster: General component. Affected versions are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior, and 8.0.28 and prior. The root cause is a vulnerability in MySQL Cluster that, under certain conditions, could allow a high-privile...
CVE-2018-2964
CVE-2018-2964 affects Oracle Java SE Deployment. Affected are Java SE 8u172 and 10.0.1; the flaw is exploitable over the network via multiple protocols and may allow takeover of Java SE, with client deployments using untrusted code in sandboxed environments being at risk. Exploitation is reported...
CVE-2016-6794
CVE-2016-6794 affects Apache Tomcat across multiple branches (7.x, 8.x, 9.x) and versions, where the system property replacement feature for configuration files can bypass a configured SecurityManager to read restricted system properties. Connected advisories show concrete impact and suggested fi...
CVE-2017-10078
CVE-2017-10078 affects Oracle Java SE 8u131 (Scripting) and can be exploited over network with multiple protocols, enabling high-impact confidentiality and integrity violations and data access. The vulnerability can be triggered by sandboxed Web Start/Applet use or via APIs without sandboxing. Th...
CVE-2022-39399
CVE-2022-39399 affects Oracle Java SE and GraalVM Enterprise Edition (Networking component). Affected versions: Oracle Java SE 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM EE 20.3.7, 21.3.3, 22.2.0. The vulnerability allows unauthenticated, network-based access via HTTP to compromise data integrity, p...
CVE-2017-10293
CVE-2017-10293 is a vulnerability in the Oracle Java SE Javadoc component affecting Java SE versions 6u161, 7u151, 8u144, and 9. It permits an unauthenticated attacker with network access via HTTP to potentially read and modify Java data and read data, with user interaction required for exploitat...
CVE-2018-2826
CVE-2018-2826 affects Oracle Java SE Libraries in Java SE 10. The vulnerability allows an unauthenticated network-based attacker to compromise Java SE, with potential takeover of the Java Runtime, per the description. CVSS 3.1 indicates HIGH impact (C, I, A HIGH) with NETWORK attack vector and re...
CVE-2020-2585
CVE-2020-2585 is referenced in connected security advisories as affecting Oracle Java SE (component JavaFX) with affected Java SE 8u231. The advisory notes that exploitation is difficult but possible by a network-access attacker through multiple protocols, potentially allowing unauthorized creati...
CVE-2021-35560
CVE-2021-35560 is an Oracle Java SE Deployment vulnerability (Java SE 8u301 affected) that allows an unauthenticated attacker with network access to takeover Java SE, with user interaction required. Connected docs confirm the CVE and provide affected products (e.g., IBM advisories referencing Jav...
CVE-2017-10176
CVE-2017-10176 affects Oracle Java SE/SE Embedded/JRockit (OpenJDK/OpenJDK components) with affected releases including Java SE 7u141 and 8u131, SE Embedded 8u131, JRockit R28.3.14. The vulnerability enables an unauthenticated network attacker to access or take data via multiple protocols and can...
CVE-2022-21440
CVE-2022-21440 affects Oracle MySQL Server (Optimizer) up to version 8.0.28 and earlier. A high-privilege attacker with network access via multiple protocols can cause a hang or crash (DoS) and may modify data. Remediation in related advisories points to upgrading to a fixed release (e.g., MySQL ...
CVE-2017-10114
CVE-2017-10114 affects the Java SE/JavaFX component; specifically Java SE 7u141 and 8u131. The vulnerability is described as difficult to exploit, requiring network access via multiple protocols and user interaction, with potential takeover of Java SE and possible impact on other products relying...
CVE-2022-21459
CVE-2022-21459 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL 8.0.28 and prior. Issue allows a high-privilege attacker with network access to cause a hang or crash (DOS) and unauthorized updates/deletes to some data. Publicly available connected advisories corroborate...
CVE-2017-10118
CVE-2017-10118 affects Oracle Java SE/JRockit/JCE with a timing-channel vulnerability in ECDSA within the JCE component. A remote attacker could potentially recover private keys by observing timing differences, enabling unauthenticated network-remote exploitation on affected OpenJDK/JRockit confi...
CVE-2018-2638
CVE-2018-2638 is addressed in IBM product advisories for IBM Netezza and IBM InfoSphere Optim. The IBM Netezza Platform Software requires upgrading to 11.2.1.2 (Fix Central link provided in the bulletin). Separately, IBM InfoSphere Optim solutions (11.3.0) should apply fix pack 11.3.0.7 to mitiga...
CVE-2016-6796
CVE-2016-6796 affects Apache Tomcat across multiple lines: a malicious web application could bypass the SecurityManager by manipulating the configuration parameters for the JSP Servlet. Affected versions include Tomcat 9.0.0.M1–9.0.0.M9, 8.5.0–8.5.4, 8.0.0.RC1–8.0.36, 7.0.0–7.0.70, and 6.0.0–6.0....
CVE-2017-10111
CVE-2017-10111 affects Oracle Java OpenJDK’s Libraries component (Java SE). The connected advisories confirm vulnerable versions include Java SE 8u131 and Java SE Embedded 8u131, with exploitation described as arbitrary code execution via the LambdaFormEditor bounds checks in the Libraries, enabl...
CVE-2022-1259
CVE-2022-1259 is an Undertow-related denial-of-service issue. The root cause is an incomplete fix for CVE-2021-3629, causing potential DoS from HTTP/2 flow-control handling. Connected documents (Nessus plugin references and IBM/Red Hat advisories) confirm this in context of Undertow and note that...
CVE-2017-10105
CVE-2017-10105 is a vulnerability in the Oracle Java SE Deployment component affecting Java SE 6u151, 7u141, and 8u131. The connected CHAINGUARD entry confirms a vulnerability in Oracle Java SE Deployment with unspecified root cause and a potential impact to data integrity, but does not provide p...
CVE-2021-2014
CVE-2021-2014 is a vulnerability in Oracle MySQL Server (Server: PAM Auth Plugin) affecting 5.7.32 and earlier. An authenticated attacker with network access via multiple protocols can exploit this to cause a denial of service (hang or crash) with an availability impact. The initial data lists a ...
CVE-2021-2417
CVE-2021-2417 is a vulnerability in Oracle MySQL Server (component: GIS) affecting MySQL 8.0.25 and earlier. The cited description states that a highly privileged attacker with network access via multiple protocols can cause a hang or a frequently repeated crash (complete DOS) and may also gain u...
CVE-2021-2342
CVE-2021-2342 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 5.7.34 and earlier; 8.0.25 and earlier. Impact: high-privilege attacker on the network can cause a hang or crash (DoS) via multiple protocols; CVSS 3.1 base 4.9 (A). No explicit remediation version provided in the supp...
CVE-2020-10714
CVE-2020-10714 concerns WildFly Elytron prior to 1.11.3.Final. A flaw in FORM authentication with a session ID in the URL enables a session fixation attack, affecting confidentiality, integrity, and availability. The impact is stated in the sources as high (CVSS 3.1) with network access and user ...
CVE-2022-21515
Oracle MySQL Server vulnerability CVE-2022-21515 affects MySQL Server (component: Server: Options). Affected versions: 5.7.38 and earlier; 8.0.29 and earlier. Exploitation allows a high-privilege attacker with network access via multiple protocols to cause the server to hang or crash (DoS). Conne...
CVE-2018-2941
CVE-2018-2941 affects Oracle Java SE (JavaFX) with affected products Java SE 7u181, 8u172, and 10.0.1. The vulnerability is difficult to exploit, requires network access via multiple protocols and user interaction, and can lead to takeover of Java SE. It principally concerns Java deployments runn...
CVE-2021-2367
CVE-2021-2367 is a vulnerability in Oracle MySQL Server (component: Server: Optimizer) affecting MySQL 8.0.25 and earlier. It enables a high-privilege attacker with network access via multiple protocols to cause a hang or complete denial of service (DOS) of MySQL Server. Some connected advisories...
CVE-2020-25689
CVE-2020-25689 : In WildFly, all versions up to 21.0.0.Final exhibit a memory-leak in the host-controller when reconnection attempts loop, causing new connections to be created but not properly closed. This can trigger an Out of Memory (OOM) condition and denial of service, primarily affecting av...
CVE-2021-2390
CVE-2021-2390 is a vulnerability in Oracle MySQL Server (InnoDB) affecting MySQL versions 5.7.34 and prior, and 8.0.25 and prior. The issue can be exploited by an unauthenticated attacker over network protocols to cause the server to hang or crash (complete DOS). Multiple connected advisories ref...
CVE-2020-13946
CVE-2020-13946 relates to an Apache Cassandra RMI registry manipulation vulnerability enabling a local attacker to perform a man-in-the-middle attack to capture JMX credentials and gain unauthorized access. The connected CIRCL entry confirms affected ranges: Cassandra 4.0.2 through 5.0.2 (Java 11...
CVE-2021-2374
CVE-2021-2374 affects Oracle MySQL Server (InnoDB) with affected versions 8.0.25 and prior. The vulnerability allows a high-privilege attacker with local access to compromise the server, potentially gaining unauthorized access to data. The CVSSv3.1 base score is 4.1 (Confidentiality impact: High;...
CVE-2021-2385
CVE-2021-2385 affects Oracle MySQL Server, specifically the replication component. Affected versions are MySQL 5.7.34 and earlier and 8.0.25 and earlier. The issue allows a high-privilege attacker with network access (via multiple protocols) to cause a hang or crash (DoS) and may enable unauthori...
CVE-2018-2825
CVE-2018-2825 concerns Oracle Java SE Libraries with affected Java SE 10, allowing network-based attacks that may compromise confidentiality, integrity, and availability; the exploitation requires user interaction. The connected documents largely discuss IBM-specific advisories (IBM i, Netcool Ag...
CVE-2021-2399
CVE-2021-2399 is a MySQL Server (Oracle) vulnerability in the Server: DDL component. Affected versions are 8.0.25 and prior; exploitation via network with multiple protocols can cause a hang or complete denial of service. The connected advisories (MiracleLinux, ALINUX3, Rocky Linux, Red Hat, Orac...
CVE-2021-2412
CVE-2021-2412 is a vulnerability in the Oracle MySQL Server, specifically the Server: Optimizer component. Affected are MySQL 8.0.x up to 8.0.21 and prior versions. The issue allows a high-privileged attacker with network access via multiple protocols to cause a hang or a frequent crash (complete...
CVE-2017-10125
CVE-2017-10125 is described in the initial document as a vulnerability in the Oracle Java SE Deployment component affecting Java SE 7u141 and 8u131. The impact is stated as potentially allowing takeover of Java SE, with CVSS 3.0/3.1 metrics indicating a physical access prerequisite (HPC: PHYSICAL...
CVE-2021-2384
CVE-2021-2384 affects Oracle MySQL Server (component: Server: Optimizer). Affected: 8.0.25 and earlier. Vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (Denial of Service). Remediation: vendor advisories show fixes in newer MySQL ...
CVE-2020-10705
CVE-2020-10705 affects Undertow prior to 2.1.1.Final, where requests using the Expect: 100-continue header can trigger a memory exhaustion error, potentially causing a denial of service. The vulnerability is documented in the CVE page and appears in related advisories (e.g., Red Hat JBoss EAP 7.x...
CVE-2021-2418
CVE-2021-2418 affects Oracle MySQL Server (Server: Optimizer). The vulnerability is exploitable in affected MySQL Server versions 8.0.25 and earlier, enabling a high-privilege attacker with network access via multiple protocols to cause a hang or crash (complete DOS). Public-document details cons...
CVE-2021-2429
Technical details about CVE-2021-2429 are not publicly provided in the connected documents. The available material summarizes advisories but does not specify affected products/versions or fixes. Monitor for updates.
CVE-2017-10086
CVE-2017-10086 affects Oracle Java SE (JavaFX) in Java 7u141 and 8u131. Descriptions indicate an easily exploitable, network-accessible vulnerability that can be exploited with no authentication and user interaction, potentially leading to takeover of Java SE. The connected documents cite this CV...
CVE-2022-21457
CVE-2022-21457 affects Oracle MySQL Server (component: PAM Auth Plugin). Affected versions: 8.0.28 and earlier. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to gain access to critical data or full MySQL Server data. The published CVSS indicates C...
CVE-2021-2422
CVE-2021-2422 affects Oracle MySQL Server (component: Server: PS); affected versions are 8.0.25 and prior. The vulnerability enables a high-privileged attacker with network access via multiple protocols to cause a hang or crash (complete DOS) of MySQL Server (CVSS v3.1 base 4.9). Public advisorie...
CVE-2022-21553
CVE-2022-21553 affects Oracle MySQL Server (Component: Server: Optimizer). Public sources in connected docs describe affected versions as 8.0.29 and prior, with an attacker of HIGH privileges gaining network access via multiple protocols and potentially causing a hang or frequent crashes (complet...
CVE-2020-14664
CVE-2020-14664 affects Oracle Java SE (component: JavaFX ) with affected version Java SE 8u251 . The vulnerability is exploitable over the network and can be triggered by loading untrusted code in client-side Java deployments (Web Start/applets). It requires user interaction and could lead to tak...
CVE-2021-2370
CVE-2021-2370 affects Oracle MySQL Server (component: Server: DML). Affected versions: 8.0.25 and earlier. Risk: high-privilege attacker with network access can cause a hang or crash (DoS) of MySQL Server (CVSS v3.1: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Public advisories indicate the issue is ad...
CVE-2021-2427
CVE-2021-2427 is a vulnerability in Oracle MySQL Server (Server: Optimizer). Affected are MySQL Server 8.0.25 and prior. The issue is exploitable over the network by a high-privilege attacker and can cause a hang or a crash (complete DOS) of MySQL Server. Connected advisories and Nessus plugins c...