971 matches found
CVE-2022-21415
CVE-2022-21415 affects Oracle MySQL Server, component Server: Replication. Affected: MySQL 8.0.28 and prior. Description: a high-privilege attacker with network access via multiple protocols can cause the MySQL Server to hang or crash (complete DOS). Connected advisories indicate broader MySQL su...
CVE-2022-21547
CVE-2022-21547 concerns a vulnerability in the Oracle MySQL Server, specifically the Server: Federated component. The affected product is MySQL Server (Oracle MySQL) with affected versions listed as 8.0.29 and prior . The vulnerability is described as easily exploitable by a high-privilege attack...
CVE-2022-21529
CVE-2022-21529 affects Oracle MySQL Server, component Server: Optimizer. Affected versions are 8.0.29 and earlier. The vulnerability is described as easily exploitable over the network via multiple protocols and can lead to a hang or repeated crash (complete DoS). Multiple connected sources corro...
CVE-2020-14326
CVE-2020-14326 affects RESTEasy: RootNode caching of routes can trigger hash flooding, causing slower requests and higher CPU usage leading to DoS. The description confirms the vulnerability and impact but does not specify affected versions, vulnerable component details beyond RootNode routing ca...
CVE-2020-4051
The CVE-2020-4051 entry affects the Dijit Editor’s LinkDialog plugin, with cross-site scripting vulnerability present in Dijit releases prior to the fixed versions. Documented affected ranges include Dijit 1.11.x through 1.16.x, with fixes implemented in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, a...
CVE-2022-21437
CVE-2022-21437 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL 8.0.28 and earlier. Vulnerability: an attacker with network access via multiple protocols can exploit the flaw to cause a hang or frequent crash (DoS) of MySQL Server. The connected advisories indicate this...
CVE-2022-21452
Oracle MySQL: CVE-2022-21452 affects MySQL Server, component Server: Optimizer, in versions 8.0.28 and prior. The vulnerability is easily exploitable by a high-privilege attacker over network protocols and can lead to a hang or complete denial-of-service of MySQL Server. Some connected advisories...
CVE-2022-21526
CVE-2022-21526 (Oracle MySQL Server, component: Server: Optimizer) affects MySQL Server versions 8.0.29 and earlier. The vulnerability allows a high-privilege, network-accessible attacker to cause a hang or frequent/complete denial of service (A: H) via multiple protocols. The issue is documented...
CVE-2022-21530
CVE-2022-21530 affects Oracle MySQL Server (Server: Optimizer) and is applicable to MySQL 8.0.29 and prior. The description states that a high-privilege attacker with network access via multiple protocols can cause the MySQL Server to hang or crash (complete DOS). The CVSS 3.1 base score is 4.9 (...
CVE-2022-21556
CVE-2022-21556 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 8.0.28 and earlier. The vulnerability can be exploited by a high-privileged attacker with network access via multiple protocols to cause unauthorized creation, deletion, or modification of data and to...
CVE-2019-2924
CVE-2019-2924 is a vulnerability in the MySQL Server product (Oracle MySQL), specifically under Server: Security: Encryption. Affected versions are 5.6.45 and earlier and 5.7.27 and earlier. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to read da...
CVE-2023-22046
CVE-2023-22046 affects Oracle MySQL Server, Server: Optimizer. Affected versions are 8.0.33 and earlier. An attacker with high privileges and network access could cause a hang or crash (DOS) in MySQL Server. The vulnerability is tied to the Optimizer component. Remediation noted in public advisor...
CVE-2023-22008
CVE-2023-22008 affects Oracle MySQL Server (InnoDB) with vulnerable versions 8.0.33 and earlier. An attacker with network access through multiple protocols and high privileges can cause a hang or frequent crash (DoS) of MySQL Server (CVSS 4.9, AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Connected sourc...
CVE-2018-3071
CVE-2018-3071 affects the MySQL Server Audit Log component in Oracle MySQL, with vulnerable versions up to 5.7.22 (and earlier). The exposed impact per the sources is a high-privilege attacker with network access via multiple protocols can cause a denial of service, resulting in a hang or frequen...
CVE-2023-22056
CVE-2023-22056 affects Oracle MySQL Server, specifically the Server: Optimizer component. Affected versions are 8.0.33 and prior. An attacker with network access via multiple protocols and high privileges can cause a hang or frequent crash (DoS) of MySQL Server. Remediation guidance in connected ...
CVE-2018-2846
CVE-2018-2846 affects Oracle MySQL Server, specifically the Server: Performance Schema. Affected versions are 5.7.21 and earlier. An attacker with high privileges and network access via multiple protocols can cause the MySQL Server to hang or crash (availability impact). The vulnerability is expl...
CVE-2023-22054
CVE-2023-22054 affects MySQL Server (Oracle MySQL), specifically the Server: Optimizer component. Affected products/versions: MySQL 8.0.33 and earlier. Root cause: unspecified in primary CVE entry, but the IBM Security Guardium bulletin and MySQL advisories describe a high-privilege, network-acce...
CVE-2018-2777
CVE-2018-2777 : A vulnerability in Oracle MySQL Server (InnoDB) affecting 5.7.21 and earlier. It allows a high-privilege attacker with network access to cause a hang or frequent crashes (DoS) via multiple protocols. The issue is confirmed in multiple sources; exploitation status is not detailed i...
CVE-2018-3061
CVE-2018-3061 is a vulnerability in Oracle MySQL (MySQL Server: DML). Public sources in the Fedora update FEDORA-2018-f67fda3db6 show that MySQL 5.7.23 fixes this issue; prior 5.7.x versions are affected. The Red Hat RHSA-2018-3655/Nessus listing confirms a DML-related vulnerability in MySQL that...
CVE-2018-2759
CVE-2018-2759 affects the MySQL Server component (InnoDB). Affected are Oracle MySQL 5.7.x with 5.7.21 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (complete DOS) of MySQL Server (CVSS 3.0 shows A=High, Availab...
CVE-2019-2922
CVE-2019-2922 affects Oracle MySQL Server (Server: Security: Encryption) with affected versions 5.6.45 and earlier and 5.7.27 and earlier. The vulnerability is exploitable over the network by unauthenticated attackers via multiple protocols and can lead to unauthorized read access to a subset of ...
CVE-2021-35639
CVE-2021-35639 is a MySQL Server vulnerability (component: Server: Stored Procedure) affecting Oracle MySQL 8.0.26 and earlier. The issue allows a high-privileged attacker with network access via multiple protocols to cause a hang or a crash (complete DOS) of MySQL Server. The connected advisorie...
CVE-2017-10365
CVE-2017-10365 concerns a vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). The affected versions are 5.7.18 and earlier. An attacker with network access via multiple protocols and with high privileges can potentially compromise MySQL Server, leading to unauthori...
CVE-2018-2839
CVE-2018-2839 affects Oracle MySQL Server (Server: DML). Affected: MySQL 5.7.21 and earlier. Exploitable over network with high privileges via multiple protocols, potentially causing the server to hang or crash (DoS). The documents confirm the impact and affected versions, but do not provide a sp...
CVE-2017-10286
CVE-2017-10286 affects the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). The F5 advisory confirms the vulnerability is exploitable over the network by a high-privileged attacker with access via multiple protocols, and can cause a hang or crash (complete DOS). Affected versions in...
CVE-2022-21490
CVE-2022-21490 affects Oracle MySQL Cluster (Cluster: General) with affected versions 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior, and 8.0.28 and prior. The issue enables a high-privilege attacker with access to the hardware’s physical communication segment to takeover the MySQL Cluster;...
CVE-2023-32344
CVE-2023-32344 affects IBM Cognos Analytics versions 11.1.7, 11.2.4 FP? and 12.0.0, with a form action hijacking flaw that lets an attacker modify the form action to reference an arbitrary path. Root cause and impact are described across multiple sources (IBM Cognos Analytics documentation and ad...
CVE-2018-2816
CVE-2018-2816 affects Oracle MySQL Server (subcomponent: Server: Optimizer). Affected versions: 5.7.21 and earlier. An attacker with network access via multiple protocols and high privileges can cause a hang or crash (denial of service). The description indicates remediation guidance via Oracle C...
CVE-2019-2910
CVE-2019-2910 affects Oracle MySQL Server (component: Server: Security: Encryption). Affected versions include 5.6.45 and prior and 5.7.27 and prior. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to read a subset of MySQL Server data due to issues...
CVE-2023-22095
Vulnerability CVE-2023-22095 affects Oracle MySQL Server 8.1.0 (Server: Optimizer). A low-privileged attacker with network access across multiple protocols can cause a hang or frequent crash of MySQL Server (DoS). The issue is explicitly described as exploitable via the network with low privilege...
CVE-2021-21267
Summary of CVE-2021-21267: Schema-Inspector (npm package schema-inspector) is vulnerable to a denial-of-service via email validation in before version 2.0.0. The issue is caused by a pathological input that triggers ReDoS during email validation, freezing the program or browser page. This affects...
CVE-2023-43051
IBM Cognos Analytics is affected by CVE-2023-43051 (XSS) in versions 11.1.7, 11.2.4, and 12.0.0, enabling embedding of arbitrary JavaScript in the Web UI and potentially credential disclosure within a trusted session. The issue is addressed by upgrading to: 12.0.2 for 12.0.x, 11.2.4 FP3 for 11.2....
CVE-2018-2812
CVE-2018-2812 affects Oracle MySQL Server (subcomponent Server: Optimizer). Affected: MySQL 5.7.21 and earlier. Impact: high privileged attacker with network access can cause a hang/complete DOS and may update/insert/delete data in affected data. Root cause: issues in the Server: Optimizer path a...
CVE-2019-5498
OnCommand Insight up to version 7.3.6 contains an information-disclosure vulnerability that could reveal sensitive account information to an authenticated user. This is documented across multiple sources (NVD and Red Hat/CVE entries) with the root cause described as an issue in how the product ha...
CVE-2023-30996
CVE-2023-30996 affects IBM Cognos Analytics (versions 11.1.7, 11.2.4, 12.0.0) and describes information leakage due to unverified sources in inter-origin Windows object messages. The vulnerability is an information disclosure issue rather than remote code execution. Remediation is to upgrade to f...
CVE-2017-10320
CVE-2017-10320 affects the MySQL Server component (InnoDB) of Oracle MySQL. Affected versions are 5.7.19 and earlier. An attacker with network access via multiple protocols can exploit this to cause a hang or a crash (DOS) of MySQL Server. The CVSS v3 base score is 4.9 (Availability impact). Reme...
CVE-2023-38359
CVE-2023-38359 - IBM Cognos Analytics XSS : The vulnerability affects IBM Cognos Analytics versions 11.1.7, 11.2.4, and 12.0.0 where untrusted input in the Web UI can be used to embed arbitrary JavaScript, potentially exposing credentials within a trusted session. Root cause: cross-site scripting...
CVE-2021-20464
CVE-2021-20464 affects IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7). A malicious authenticated user could trigger an XML Bomb attack, leading to a denial of service of the affected PowerPlay component. Connected sources confirm impacted product lines and the XM...
CVE-2022-21550
CVE-2022-21550 affects Oracle MySQL Cluster (Cluster: General). Affected versions include 7.4.36 and prior, 7.5.26 and prior, 7.6.22 and prior, and 8.0.29 and prior. Exploitation requires high-privilege access via the physical communication segment and user interaction; outcomes can include takeo...
CVE-2021-35583
CVE-2021-35583 affects Oracle MySQL Server (Windows, Server: Windows). Affected: MySQL 8.0.25 and prior. Vulnerability allows an unauthenticated attacker with network access via multiple protocols to cause the server to hang or crash (complete DoS). CVSS 3.1 base score 7.5 (Availability). Public ...
CVE-2022-21519
CVE-2022-21519 : Oracle MySQL Cluster (component: Cluster: General) is affected for versions 8.0.29 and earlier. An unauthenticated attacker with network access via multiple protocols can cause a hang or frequent crash (complete DOS). CVSS v3.1 base score 5.9 (Availability, HIGH). References and ...
CVE-2021-29824
IBM Cognos Analytics is affected by CVE-2021-29824, a privilege-escalation flaw that could allow a lower-privilege user to read the Data Connections page. Public sources in the provided documents identify IBM Cognos Analytics 11.2.x and 11.1.x as affected. The issue is addressed by IBM fixes: 11....
CVE-2021-38886
IBM Cognos Analytics is affected by CVE-2021-38886: cross-site request forgery that could allow a trusted-user action to be executed by an attacker. The vulnerability affects IBM Cognos Analytics 11.2.x and 11.1.x (notably 11.2.x and 11.1.x lines cited in sources). Remediation is available: IBM C...
CVE-2022-21380
CVE-2022-21380 concerns Oracle MySQL products. Connected documents identify a variant affecting MySQL Server 8.0.29 and earlier, caused by insufficient input validation in the Server: Optimizer component (and related InnoDB behavior in some entries). This can permit a high-privileged attacker wit...
CVE-2019-2923
CVE-2019-2923 affects Oracle MySQL Server (MySQL) in the Server: Encryption area. Connected documents confirm affected versions: 5.6.45 and earlier, and 5.7.27 and earlier. The vulnerability is exploitable over the network by an unauthenticated attacker and can lead to unauthorized read access to...
CVE-2019-4183
IBM Cognos Analytics 11.0 and 11.1 are affected by a denial-of-service issue where remote attackers can send specially crafted requests to exhaust CPU and memory. The shared sources identify the affected products as IBM Cognos Analytics 11.0 and 11.1, but do not detail the root cause in this exce...
CVE-2020-2790
CVE-2020-2790 affects Oracle MySQL Server (Server: Pluggable Auth). The connected Nessus entries confirm: vulnerable in MySQL 5.7.28 and earlier, with exploitation possible by a low-privilege attacker over the network via multiple protocols. The impact stated in multiple sources is a complete DoS...
CVE-2020-2806
CVE-2020-2806 affects Oracle MySQL Server (Server: Compiling) with affected versions 5.7.28 and earlier. The vulnerability can be exploited by a low-privileged, network-accessible attacker over multiple protocols to cause a hang or repeated crash (Denial of Service). CVSS v3 base score 5.3 (Avail...
CVE-2021-38903
CVE-2021-38903 concerns IBM Cognos Analytics (versions 11.2.x and 11.1.x). The vulnerability is a cross-site scripting flaw caused by improper validation of user-supplied input in the web interface, enabling a remote attacker to inject script into a user’s browser session and potentially steal co...
CVE-2016-8747
The CVE-2016-8747 issue affects Apache Tomcat 8.5.7–8.5.9 and 9.0.0.M11–9.0.0.M15 in reverse-proxy configurations, where Http11InputBuffer.java can let a remote attacker read data belonging to a different request. The underlying problem is an information-disclosure vulnerability in the Tomcat rev...