971 matches found
CVE-2023-22032
CVE-2023-22032 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 8.0.34 and earlier, and 8.1.0. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause the MySQL Server to hang or crash (complete DOS). CVSS 3.1 base sc...
CVE-2021-21342
CVE-2021-21342 affects the Java library XStream (prior to 1.4.16). During unmarshalling, the processed input stream can include type information used to recreate objects, enabling an attacker to inject/replace objects and trigger a server-side forgery. The documented fix is to upgrade to at least...
CVE-2023-22104
CVE-2023-22104 affects Oracle MySQL Server (InnoDB). Affected: MySQL 8.0.32 and earlier. Description in connected sources confirms a high-privilege attacker with network access can cause availability impact (hang or frequent crash) of MySQL Server via multiple protocols. No explicit exploit detai...
CVE-2018-3060
CVE-2018-3060 affects Oracle MySQL Server (InnoDB) with affected versions 5.5/5.6 per IBM/Guardium disclosures. The vulnerability is described as an unspecified issue in InnoDB that could allow an authenticated attacker to achieve no confidentiality impact, but high integrity and high availabilit...
CVE-2021-2180
CVE-2021-2180 affects Oracle MySQL Server (InnoDB) with vulnerable versions 5.7.33 and earlier and 8.0.23 and earlier. A high-privilege attacker who can reach MySQL Server over the network via multiple protocols can cause the server to hang or crash (complete DOS). Connected documents confirm the...
CVE-2021-21343
CVE-2021-21343 affects XStream (Java) prior to 1.4.16. The vulnerability arises during unmarshalling when the processed input stream carries type information, enabling an attacker to create new instances based on that data and potentially replace or inject objects, including causing local file de...
CVE-2018-3133
CVE-2018-3133 concerns Oracle MySQL Server (subcomponent: Server: Parser). Affected are MySQL Server versions 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. An attacker with network access via multiple protocols and low privileges can trigger a hang or frequen...
CVE-2023-22097
CVE-2023-22097 affects Oracle MySQL Server (InnoDB) with affected versions 8.0.34 and earlier and 8.1.0; an attacker with network access via multiple protocols could cause a hang or crash (DoS). Remediation exists in Linux distro advisories (e.g., AlmaLinux ALSA-2024-0894 lists MySQL InnoDB fixes...
CVE-2019-2481
CVE-2019-2481 affects Oracle MySQL Server (Server: Optimizer). Affected versions are 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The vulnerability can be exploited by a high-privileged attacker over the network to cause a hang or a frequently repeating crash (complete DoS) of MySQL ...
CVE-2021-37136
CVE-2021-37136 : The Bzip2 decompression decoder can set no limit on the decompressed output size, affecting all Bzip2Decoder users. This under- or over-allocates memory during decompression and can trigger an OutOfMemoryError, enabling DoS. Connected IBM/ASTRA entries reiterate the same descript...
CVE-2021-2088
CVE-2021-2088 affects Oracle MySQL Server (Server: DML). Affected versions: 8.0.22 and earlier. An attacker with local logon and high privileges can cause the MySQL server to hang or crash (complete DoS). Remediation details in provided sources indicate upgrading MySQL to a later version (e.g., 8...
CVE-2024-21131
CVE-2024-21131 affects Oracle Java SE (Hotspot) and Oracle GraalVM for JDK/Enterprise Edition. Affected versions include Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; GraalVM Enterprise: 20.3.14, 21.3.10. An unauthenticated network attacke...
CVE-2022-21476
CVE-2022-21476 affects Oracle Java SE and Oracle GraalVM Enterprise Edition. Vulnerable components include Libraries, JAXP, ImageIO, 2D, JNDI, and serialization-related paths, with exploitation achievable by unauthenticated network access and potentially leading to data confidentiality breach or ...
CVE-2018-3081
CVE-2018-3081 affects the MySQL Client component of Oracle MySQL. Affected versions: 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior, and 8.0.11 and prior. Attackers with network access via multiple protocols can exploit it to cause a hang or a crash (DoS) and may update/insert/delete data i...
CVE-2021-2001
CVE-2021-2001 affects Oracle MySQL Server (Server: Optimizer). Affected are MySQL versions 5.6.50 and earlier, 5.7.30 and earlier, and 8.0.17 and earlier. An attacker with network access via multiple protocols and high privileges can trigger a denial of service (hang or crash) of MySQL Server. Co...
CVE-2021-2010
CVE-2021-2010 affects the MySQL Client C API in Oracle MySQL. Affected versions are 5.6.50 and earlier, 5.7.32 and earlier, and 8.0.22 and earlier. The vulnerability is exploitable remotely with low privileges and could lead to unauthorized data updates/inserts/deletes and partial DoS on MySQL Cl...
CVE-2023-22102
CVE-2023-22102 is described as a vulnerable condition in Oracle MySQL’s Connector/J (affected versions 8.1.0 and earlier). The CVE text states that an unauthenticated attacker with network access via multiple protocols can compromise MySQL Connectors, with user interaction required, and that atta...
CVE-2018-3156
CVE-2018-3156 affects Oracle MySQL Server (subcomponents: InnoDB; also referenced in multiple advisories) with affected versions: 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. According to the connected advisories for Linux distributions, the vulnerability enables network-access...
CVE-2018-3251
CVE-2018-3251 affects Oracle MySQL Server (InnoDB). Affected: 5.6.41 and earlier, 5.7.23 and earlier, 8.0.12 and earlier. Exploitation via network against multiple protocols can cause a hang or crash (DOS). Several advisories reference fixes in corresponding OS/package updates (e.g., ALAS and Deb...
CVE-2022-21427
CVE-2022-21427 affects Oracle MySQL Server (component: Server: FTS). Affected: MySQL 5.7.37 and earlier, 8.0.28 and earlier. An attacker with high privileges and network access via multiple protocols can cause a hang or frequent crash (DoS). The connected advisories indicate fixes in newer MySQL ...
CVE-2022-21626
CVE-2022-21626 affects Oracle Java SE (components: Security and JNDI) and Oracle GraalVM Enterprise Edition, with affected Java SE versions including 8u341, 8u345-perf, 11.0.16.1 (and related GraalVM versions 20.3.7, 21.3.3, 22.2.0). The vulnerability is exploitable remotely over HTTPS (and other...
CVE-2021-21344
Summary: CVE-2021-21344 affects the XStream Java XML serialization library. In versions before 1.4.16, a remote attacker can load and execute arbitrary code by manipulating the processed input stream. The risk is mitigated if the security framework whitelist is properly configured; otherwise the ...
CVE-2018-2612
CVE-2018-2612 is reported in the MySQL Server component (subcomponent: InnoDB). Affected releases include MySQL 5.6.38 and earlier and 5.7.20 and earlier. The vulnerability enables a high-privilege attacker who can access the server over the network (via multiple protocols) to compromise data con...
CVE-2018-3143
CVE-2018-3143 is a vulnerability in the MySQL Server component (subcomponent: InnoDB) affecting Oracle MySQL. Affected versions are 5.6.41 and prior, 5.7.23 and prior, and 8.0.12 and prior. It allows a low-privilege, network-attacker to cause a hang or crash (DoS) via multiple protocols. The issu...
CVE-2019-3822
CVE-2019-3822 affects libcurl 7.36.0 through before 7.64.0. The vulnerability is a stack-based buffer overflow in the NTLM header creation path: Curl_auth_create_ntlm_type3_message() uses unsigned arithmetic to guard a local buffer, but the check is insufficient, allowing the output data to excee...
CVE-2020-2579
CVE-2020-2579 is a MySQL Server vulnerability in the optimizer component. Affected versions are 5.6.46 and earlier, 5.7.28 and earlier, and 8.0.18 and earlier. An attacker with network access over multiple protocols and low privileges can trigger a hang or a complete denial of service (DoS) via t...
CVE-2021-2048
CVE-2021-2048 affects Oracle MySQL Server (InnoDB). Connected documents confirm the vulnerability lies in InnoDB with affected versions 8.0.22 and earlier, enabling a network-accessible attacker with high privileges to cause a hang or crash (DoS) and to perform unauthorized updates/inserts/delete...
CVE-2021-2046
CVE-2021-2046 affects Oracle MySQL Server (Server: Stored Procedure) with affected versions 8.0.22 and prior. Exploitation requires network access from a high-privilege attacker via multiple protocols and may cause a hang or crash (DoS) in MySQL Server, potentially impacting related products. Mit...
CVE-2021-22931
CVE-2021-22931 concerns Node.js DNS hostname handling. Public docs indicate vulnerability due to missing input validation of host names returned by DNS, which can cause domain hijacking and enable injection in applications using the DNS library. Affected software includes Node.js releases prior t...
CVE-2022-22970
CVE-2022-22970 is described in IBM and related bulletins as a Spring Framework DoS via data binding of file-upload types (MultipartFile/javax.servlet.Part) when running on affected Spring Framework versions. The root cause involves binding such fields to model objects, enabling resource-exhaustio...
CVE-2021-2060
CVE-2021-2060 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 5.6.50 and earlier, 5.7.32 and earlier, and 8.0.22 and earlier. The vulnerability can be exploited by a highly privileged attacker with network access via multiple protocols to cause a hang or crash (a...
CVE-2024-21147
The CVE-2024-21147 entry describes a vulnerability in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (Hotspot component) affecting multiple supported versions: Java SE 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; GraalVM for JDK 17.0.11, 21.0.3, 22.0.1; Graa...
CVE-2021-21351
CVE-2021-21351 is an XStream deserialization vulnerability. Connected IBM advisories confirm the issue affects IBM Data Risk Manager (IDRM) and IBM Engineering/Test Management products via bundled XStream versions, with exploitation through unmarshalling to achieve arbitrary code execution. Remed...
CVE-2021-2087
CVE-2021-2087 refers to a vulnerability in Oracle MySQL Server (Server: DML) affecting 8.0.22 and earlier. A high-privilege user with server access could cause a denial-of-service (hang or crash). Connected sources indicate remediation exists via upgrading MySQL (e.g., the CG/Mariner entry for my...
CVE-2022-21628
CVE-2022-21628 affects Oracle Java SE ( Lightweight HTTP Server) and Oracle GraalVM Enterprise Edition; affected Java SE versions include 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19 and GraalVM EE: 20.3.7, 21.3.3, 22.2.0. Description states an unauthenticated attacker with network access via HTTP ...
CVE-2018-3173
CVE-2018-3173 affects the MySQL Server component (InnoDB) of Oracle MySQL. Affected: MySQL 5.7.23 and earlier and 8.0.12 and earlier; exploitation via network could cause a hang or crash (DoS) with high privileges over multiple protocols. Connected advisories indicate fixed releases exist (e.g., ...
CVE-2018-3200
CVE-2018-3200 affects Oracle MySQL Server (InnoDB) and is exploitable with network access via multiple protocols by a high-privilege attacker to cause a hang or crash (DOS). Affected versions are 5.7.23 and prior and 8.0.12 and prior; CVSSv3 base score 4.9 (A: HIGH). The F5 advisory notes remedia...
CVE-2021-2389
CVE-2021-2389 affects Oracle MySQL Server (InnoDB) with vulnerable versions 5.7.34 and earlier and 8.0.25 and earlier. An unauthenticated attacker can exploit over network via multiple protocols to cause a hang or a frequent crash (complete DoS) of MySQL Server. Connected documents corroborate th...
CVE-2021-2036
CVE-2021-2036 affects the Oracle MySQL Server, component Server: Optimizer , with affected versions including 8.0.22 and earlier. The vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or complete denial of service of the MySQL Server. The C...
CVE-2022-21624
CVE-2022-21624 is an Oracle Java SE/GraalVM EE vulnerability in the JNDI component (also described across connected advisories) that allows unauthenticated network access to potentially update/insert/delete data. Affected products/versions include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17....
CVE-2021-35550
CVE-2021-35550 is a network-authenticated TLS vulnerability in the JSSE component of Oracle Java SE and Oracle GraalVM Enterprise Edition, affecting Java SE 7u311, 8u301, 11.0.12 and GraalVM EE 20.3.3/21.2.0. Exploitation is possible over TLS with unauthenticated access and can lead to confidenti...
CVE-2020-14621
CVE-2020-14621 details (connected data) : The vulnerability concerns Oracle Java SE/OpenJDK JAXP in Java SE/Embedded. Affected versions include Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251. The issue is described as an easily exploitable flaw in the JAXP component that allows an...
CVE-2021-37137
CVE-2021-37137 involves Netty’s Snappy frame decoding where the SnappyFrameDecoder does not restrict the chunk length, enabling potential excessive memory usage. The issue can be triggered by crafted input that decompresses to a very large size (via network streams or files) or by sending a very ...
CVE-2021-2307
CVE-2021-2307 affects Oracle MySQL Server (Server: Packaging) with affected versions 5.7.33 and prior and 8.0.23 and prior. The vulnerability allows unauthenticated access within the MySQL Server host after user interaction; CVSSv3.1 base score 6.1 (Confidentiality/Integrity). Affected components...
CVE-2023-22015
CVE-2023-22015 pertains to Oracle MySQL Server, specifically the Server: Optimizer component. Affected versions are MySQL 5.7.42 and prior and 8.0.31 and prior . The vulnerability enables a high-privilege attacker with network access via multiple protocols to cause a denial of service (hang or cr...
CVE-2018-3185
CVE-2018-3185 is a MySQL Server (InnoDB) vulnerability affecting 5.7.23 and earlier and 8.0.12 and earlier. The connected F5 advisory confirms exploitable remote access via multiple protocols by a high-privilege attacker, potentially causing a hang or crash (DoS) and unauthorized data updates. Th...
CVE-2018-3284
CVE-2018-3284 affects Oracle MySQL Server (InnoDB subcomponent) and related MySQL Server components. Affected versions: 5.7.23 and earlier, and 8.0.12 and earlier. The flaw allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS). Connected adviso...
CVE-2018-3277
CVE-2018-3277 affects the MySQL Server component (subcomponent: InnoDB). Affected versions are 5.7.23 and prior and 8.0.12 and prior. The vulnerability is exploitable by a high-privilege attacker with network access via multiple protocols, and can lead to a hang or a frequent crash of MySQL Serve...
CVE-2022-21460
CVE-2022-21460 affects the Oracle MySQL Server, component Server: Logging . Affected versions include MySQL 5.7.37 and earlier and 8.0.28 and earlier. The vulnerability can be exploited by a highly privileged attacker over the network via multiple protocols to gain unauthorized access to data or ...
CVE-2023-22006
CVE-2023-22006 affects Oracle Java SE (Networking) and GraalVM variants; listed affected versions include Oracle Java SE 11.0.19, 17.0.7, 20.0.1; GraalVM EE 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK 17.0.7 and 20.0.1. The vulnerability is hard to exploit and requires network access via multiple pr...