Lucene search
K
NetappOncommand Insight

971 matches found

CVE
CVE
added 2023/10/17 9:2 p.m.494 views

CVE-2023-22032

CVE-2023-22032 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 8.0.34 and earlier, and 8.1.0. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause the MySQL Server to hang or crash (complete DOS). CVSS 3.1 base sc...

4.9CVSS5.1AI score0.0094EPSS
CVE
CVE
added 2021/03/22 11:40 p.m.492 views

CVE-2021-21342

CVE-2021-21342 affects the Java library XStream (prior to 1.4.16). During unmarshalling, the processed input stream can include type information used to recreate objects, enabling an attacker to inject/replace objects and trigger a server-side forgery. The documented fix is to upgrade to at least...

9.1CVSS7.3AI score0.4999EPSS
CVE
CVE
added 2023/10/17 9:3 p.m.492 views

CVE-2023-22104

CVE-2023-22104 affects Oracle MySQL Server (InnoDB). Affected: MySQL 8.0.32 and earlier. Description in connected sources confirms a high-privilege attacker with network access can cause availability impact (hang or frequent crash) of MySQL Server via multiple protocols. No explicit exploit detai...

4.9CVSS5.2AI score0.00925EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.490 views

CVE-2018-3060

CVE-2018-3060 affects Oracle MySQL Server (InnoDB) with affected versions 5.5/5.6 per IBM/Guardium disclosures. The vulnerability is described as an unspecified issue in InnoDB that could allow an authenticated attacker to achieve no confidentiality impact, but high integrity and high availabilit...

6.5CVSS6.3AI score0.02947EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.489 views

CVE-2021-2180

CVE-2021-2180 affects Oracle MySQL Server (InnoDB) with vulnerable versions 5.7.33 and earlier and 8.0.23 and earlier. A high-privilege attacker who can reach MySQL Server over the network via multiple protocols can cause the server to hang or crash (complete DOS). Connected documents confirm the...

4.9CVSS4.9AI score0.0278EPSS
CVE
CVE
added 2021/03/22 11:40 p.m.484 views

CVE-2021-21343

CVE-2021-21343 affects XStream (Java) prior to 1.4.16. The vulnerability arises during unmarshalling when the processed input stream carries type information, enabling an attacker to create new instances based on that data and potentially replace or inject objects, including causing local file de...

7.5CVSS7.1AI score0.46666EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.483 views

CVE-2018-3133

CVE-2018-3133 concerns Oracle MySQL Server (subcomponent: Server: Parser). Affected are MySQL Server versions 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. An attacker with network access via multiple protocols and low privileges can trigger a hang or frequen...

6.5CVSS6.3AI score0.029EPSS
CVE
CVE
added 2023/10/17 9:3 p.m.482 views

CVE-2023-22097

CVE-2023-22097 affects Oracle MySQL Server (InnoDB) with affected versions 8.0.34 and earlier and 8.1.0; an attacker with network access via multiple protocols could cause a hang or crash (DoS). Remediation exists in Linux distro advisories (e.g., AlmaLinux ALSA-2024-0894 lists MySQL InnoDB fixes...

4.9CVSS5.1AI score0.00925EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.477 views

CVE-2019-2481

CVE-2019-2481 affects Oracle MySQL Server (Server: Optimizer). Affected versions are 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The vulnerability can be exploited by a high-privileged attacker over the network to cause a hang or a frequently repeating crash (complete DoS) of MySQL ...

4.9CVSS4.8AI score0.03169EPSS
CVE
CVE
added 2021/10/19 12:0 a.m.477 views

CVE-2021-37136

CVE-2021-37136 : The Bzip2 decompression decoder can set no limit on the decompressed output size, affecting all Bzip2Decoder users. This under- or over-allocates memory during decompression and can trigger an OutOfMemoryError, enabling DoS. Connected IBM/ASTRA entries reiterate the same descript...

7.5CVSS7.4AI score0.05651EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.474 views

CVE-2021-2088

CVE-2021-2088 affects Oracle MySQL Server (Server: DML). Affected versions: 8.0.22 and earlier. An attacker with local logon and high privileges can cause the MySQL server to hang or crash (complete DoS). Remediation details in provided sources indicate upgrading MySQL to a later version (e.g., 8...

4.9CVSS4.6AI score0.00468EPSS
CVE
CVE
added 2024/07/16 10:39 p.m.473 views

CVE-2024-21131

CVE-2024-21131 affects Oracle Java SE (Hotspot) and Oracle GraalVM for JDK/Enterprise Edition. Affected versions include Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; GraalVM Enterprise: 20.3.14, 21.3.10. An unauthenticated network attacke...

3.7CVSS3AI score0.00953EPSS
CVE
CVE
added 2022/04/19 8:38 p.m.470 views

CVE-2022-21476

CVE-2022-21476 affects Oracle Java SE and Oracle GraalVM Enterprise Edition. Vulnerable components include Libraries, JAXP, ImageIO, 2D, JNDI, and serialization-related paths, with exploitation achievable by unauthenticated network access and potentially leading to data confidentiality breach or ...

7.5CVSS7AI score0.04046EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.469 views

CVE-2018-3081

CVE-2018-3081 affects the MySQL Client component of Oracle MySQL. Affected versions: 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior, and 8.0.11 and prior. Attackers with network access via multiple protocols can exploit it to cause a hang or a crash (DoS) and may update/insert/delete data i...

5CVSS5.2AI score0.02444EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.465 views

CVE-2021-2001

CVE-2021-2001 affects Oracle MySQL Server (Server: Optimizer). Affected are MySQL versions 5.6.50 and earlier, 5.7.30 and earlier, and 8.0.17 and earlier. An attacker with network access via multiple protocols and high privileges can trigger a denial of service (hang or crash) of MySQL Server. Co...

6.8CVSS4.9AI score0.02205EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.461 views

CVE-2021-2010

CVE-2021-2010 affects the MySQL Client C API in Oracle MySQL. Affected versions are 5.6.50 and earlier, 5.7.32 and earlier, and 8.0.22 and earlier. The vulnerability is exploitable remotely with low privileges and could lead to unauthorized data updates/inserts/deletes and partial DoS on MySQL Cl...

4.9CVSS4.1AI score0.01413EPSS
CVE
CVE
added 2023/10/17 9:3 p.m.461 views

CVE-2023-22102

CVE-2023-22102 is described as a vulnerable condition in Oracle MySQL’s Connector/J (affected versions 8.1.0 and earlier). The CVE text states that an unauthenticated attacker with network access via multiple protocols can compromise MySQL Connectors, with user interaction required, and that atta...

8.3CVSS8.1AI score0.00872EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.458 views

CVE-2018-3156

CVE-2018-3156 affects Oracle MySQL Server (subcomponents: InnoDB; also referenced in multiple advisories) with affected versions: 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. According to the connected advisories for Linux distributions, the vulnerability enables network-access...

6.5CVSS6.9AI score0.03716EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.458 views

CVE-2018-3251

CVE-2018-3251 affects Oracle MySQL Server (InnoDB). Affected: 5.6.41 and earlier, 5.7.23 and earlier, 8.0.12 and earlier. Exploitation via network against multiple protocols can cause a hang or crash (DOS). Several advisories reference fixes in corresponding OS/package updates (e.g., ALAS and Deb...

6.5CVSS6.9AI score0.03053EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.458 views

CVE-2022-21427

CVE-2022-21427 affects Oracle MySQL Server (component: Server: FTS). Affected: MySQL 5.7.37 and earlier, 8.0.28 and earlier. An attacker with high privileges and network access via multiple protocols can cause a hang or frequent crash (DoS). The connected advisories indicate fixes in newer MySQL ...

4.9CVSS5.3AI score0.02052EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.458 views

CVE-2022-21626

CVE-2022-21626 affects Oracle Java SE (components: Security and JNDI) and Oracle GraalVM Enterprise Edition, with affected Java SE versions including 8u341, 8u345-perf, 11.0.16.1 (and related GraalVM versions 20.3.7, 21.3.3, 22.2.0). The vulnerability is exploitable remotely over HTTPS (and other...

5.3CVSS5.1AI score0.01746EPSS
CVE
CVE
added 2021/03/22 11:40 p.m.455 views

CVE-2021-21344

Summary: CVE-2021-21344 affects the XStream Java XML serialization library. In versions before 1.4.16, a remote attacker can load and execute arbitrary code by manipulating the processed input stream. The risk is mitigated if the security framework whitelist is properly configured; otherwise the ...

9.8CVSS8AI score0.7598EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.454 views

CVE-2018-2612

CVE-2018-2612 is reported in the MySQL Server component (subcomponent: InnoDB). Affected releases include MySQL 5.6.38 and earlier and 5.7.20 and earlier. The vulnerability enables a high-privilege attacker who can access the server over the network (via multiple protocols) to compromise data con...

7.5CVSS6.3AI score0.03751EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.452 views

CVE-2018-3143

CVE-2018-3143 is a vulnerability in the MySQL Server component (subcomponent: InnoDB) affecting Oracle MySQL. Affected versions are 5.6.41 and prior, 5.7.23 and prior, and 8.0.12 and prior. It allows a low-privilege, network-attacker to cause a hang or crash (DoS) via multiple protocols. The issu...

6.5CVSS6.9AI score0.03716EPSS
CVE
CVE
added 2019/02/06 8:0 p.m.452 views

CVE-2019-3822

CVE-2019-3822 affects libcurl 7.36.0 through before 7.64.0. The vulnerability is a stack-based buffer overflow in the NTLM header creation path: Curl_auth_create_ntlm_type3_message() uses unsigned arithmetic to guard a local buffer, but the check is insufficient, allowing the output data to excee...

9.8CVSS9.3AI score0.12771EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.452 views

CVE-2020-2579

CVE-2020-2579 is a MySQL Server vulnerability in the optimizer component. Affected versions are 5.6.46 and earlier, 5.7.28 and earlier, and 8.0.18 and earlier. An attacker with network access over multiple protocols and low privileges can trigger a hang or a complete denial of service (DoS) via t...

6.5CVSS6.1AI score0.01999EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.452 views

CVE-2021-2048

CVE-2021-2048 affects Oracle MySQL Server (InnoDB). Connected documents confirm the vulnerability lies in InnoDB with affected versions 8.0.22 and earlier, enabling a network-accessible attacker with high privileges to cause a hang or crash (DoS) and to perform unauthorized updates/inserts/delete...

7CVSS5AI score0.01609EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.451 views

CVE-2021-2046

CVE-2021-2046 affects Oracle MySQL Server (Server: Stored Procedure) with affected versions 8.0.22 and prior. Exploitation requires network access from a high-privilege attacker via multiple protocols and may cause a hang or crash (DoS) in MySQL Server, potentially impacting related products. Mit...

6.8CVSS6.3AI score0.02157EPSS
CVE
CVE
added 2021/08/16 12:0 a.m.450 views

CVE-2021-22931

CVE-2021-22931 concerns Node.js DNS hostname handling. Public docs indicate vulnerability due to missing input validation of host names returned by DNS, which can cause domain hijacking and enable injection in applications using the DNS library. Affected software includes Node.js releases prior t...

9.8CVSS9.9AI score0.21952EPSS
CVE
CVE
added 2022/05/12 7:28 p.m.450 views

CVE-2022-22970

CVE-2022-22970 is described in IBM and related bulletins as a Spring Framework DoS via data binding of file-upload types (MultipartFile/javax.servlet.Part) when running on affected Spring Framework versions. The root cause involves binding such fields to model objects, enabling resource-exhaustio...

5.3CVSS5.6AI score0.01978EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.446 views

CVE-2021-2060

CVE-2021-2060 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 5.6.50 and earlier, 5.7.32 and earlier, and 8.0.22 and earlier. The vulnerability can be exploited by a highly privileged attacker with network access via multiple protocols to cause a hang or crash (a...

6.8CVSS4.9AI score0.02157EPSS
CVE
CVE
added 2024/07/16 10:39 p.m.446 views

CVE-2024-21147

The CVE-2024-21147 entry describes a vulnerability in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (Hotspot component) affecting multiple supported versions: Java SE 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; GraalVM for JDK 17.0.11, 21.0.3, 22.0.1; Graa...

7.4CVSS7.2AI score0.01136EPSS
CVE
CVE
added 2021/03/22 11:45 p.m.445 views

CVE-2021-21351

CVE-2021-21351 is an XStream deserialization vulnerability. Connected IBM advisories confirm the issue affects IBM Data Risk Manager (IDRM) and IBM Engineering/Test Management products via bundled XStream versions, with exploitation through unmarshalling to achieve arbitrary code execution. Remed...

9.1CVSS8.1AI score0.82136EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.444 views

CVE-2021-2087

CVE-2021-2087 refers to a vulnerability in Oracle MySQL Server (Server: DML) affecting 8.0.22 and earlier. A high-privilege user with server access could cause a denial-of-service (hang or crash). Connected sources indicate remediation exists via upgrading MySQL (e.g., the CG/Mariner entry for my...

4.9CVSS4.6AI score0.00468EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.441 views

CVE-2022-21628

CVE-2022-21628 affects Oracle Java SE ( Lightweight HTTP Server) and Oracle GraalVM Enterprise Edition; affected Java SE versions include 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19 and GraalVM EE: 20.3.7, 21.3.3, 22.2.0. Description states an unauthenticated attacker with network access via HTTP ...

5.3CVSS5AI score0.02038EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.440 views

CVE-2018-3173

CVE-2018-3173 affects the MySQL Server component (InnoDB) of Oracle MySQL. Affected: MySQL 5.7.23 and earlier and 8.0.12 and earlier; exploitation via network could cause a hang or crash (DoS) with high privileges over multiple protocols. Connected advisories indicate fixed releases exist (e.g., ...

4.9CVSS5AI score0.02673EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.440 views

CVE-2018-3200

CVE-2018-3200 affects Oracle MySQL Server (InnoDB) and is exploitable with network access via multiple protocols by a high-privilege attacker to cause a hang or crash (DOS). Affected versions are 5.7.23 and prior and 8.0.12 and prior; CVSSv3 base score 4.9 (A: HIGH). The F5 advisory notes remedia...

4.9CVSS5AI score0.02673EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.440 views

CVE-2021-2389

CVE-2021-2389 affects Oracle MySQL Server (InnoDB) with vulnerable versions 5.7.34 and earlier and 8.0.25 and earlier. An unauthenticated attacker can exploit over network via multiple protocols to cause a hang or a frequent crash (complete DoS) of MySQL Server. Connected documents corroborate th...

7.1CVSS5.4AI score0.08216EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.437 views

CVE-2021-2036

CVE-2021-2036 affects the Oracle MySQL Server, component Server: Optimizer , with affected versions including 8.0.22 and earlier. The vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or complete denial of service of the MySQL Server. The C...

6.8CVSS4.9AI score0.02157EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.437 views

CVE-2022-21624

CVE-2022-21624 is an Oracle Java SE/GraalVM EE vulnerability in the JNDI component (also described across connected advisories) that allows unauthenticated network access to potentially update/insert/delete data. Affected products/versions include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17....

3.7CVSS4AI score0.01401EPSS
CVE
CVE
added 2021/10/20 10:49 a.m.436 views

CVE-2021-35550

CVE-2021-35550 is a network-authenticated TLS vulnerability in the JSSE component of Oracle Java SE and Oracle GraalVM Enterprise Edition, affecting Java SE 7u311, 8u301, 11.0.12 and GraalVM EE 20.3.3/21.2.0. Exploitation is possible over TLS with unauthenticated access and can lead to confidenti...

7.1CVSS5.8AI score0.06868EPSS
CVE
CVE
added 2020/07/15 5:34 p.m.435 views

CVE-2020-14621

CVE-2020-14621 details (connected data) : The vulnerability concerns Oracle Java SE/OpenJDK JAXP in Java SE/Embedded. Affected versions include Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251. The issue is described as an easily exploitable flaw in the JAXP component that allows an...

5.3CVSS5.2AI score0.04315EPSS
CVE
CVE
added 2021/10/19 12:0 a.m.435 views

CVE-2021-37137

CVE-2021-37137 involves Netty’s Snappy frame decoding where the SnappyFrameDecoder does not restrict the chunk length, enabling potential excessive memory usage. The issue can be triggered by crafted input that decompresses to a very large size (via network streams or files) or by sending a very ...

7.5CVSS7.4AI score0.0628EPSS
CVE
CVE
added 2021/04/22 9:54 p.m.434 views

CVE-2021-2307

CVE-2021-2307 affects Oracle MySQL Server (Server: Packaging) with affected versions 5.7.33 and prior and 8.0.23 and prior. The vulnerability allows unauthenticated access within the MySQL Server host after user interaction; CVSSv3.1 base score 6.1 (Confidentiality/Integrity). Affected components...

6.1CVSS6.1AI score0.01013EPSS
CVE
CVE
added 2023/10/17 9:2 p.m.433 views

CVE-2023-22015

CVE-2023-22015 pertains to Oracle MySQL Server, specifically the Server: Optimizer component. Affected versions are MySQL 5.7.42 and prior and 8.0.31 and prior . The vulnerability enables a high-privilege attacker with network access via multiple protocols to cause a denial of service (hang or cr...

4.9CVSS4.9AI score0.00884EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.431 views

CVE-2018-3185

CVE-2018-3185 is a MySQL Server (InnoDB) vulnerability affecting 5.7.23 and earlier and 8.0.12 and earlier. The connected F5 advisory confirms exploitable remote access via multiple protocols by a high-privilege attacker, potentially causing a hang or crash (DoS) and unauthorized data updates. Th...

5.5CVSS5.5AI score0.02563EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.431 views

CVE-2018-3284

CVE-2018-3284 affects Oracle MySQL Server (InnoDB subcomponent) and related MySQL Server components. Affected versions: 5.7.23 and earlier, and 8.0.12 and earlier. The flaw allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS). Connected adviso...

4.4CVSS4.6AI score0.023EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.430 views

CVE-2018-3277

CVE-2018-3277 affects the MySQL Server component (subcomponent: InnoDB). Affected versions are 5.7.23 and prior and 8.0.12 and prior. The vulnerability is exploitable by a high-privilege attacker with network access via multiple protocols, and can lead to a hang or a frequent crash of MySQL Serve...

4.9CVSS5AI score0.02673EPSS
CVE
CVE
added 2022/04/19 8:37 p.m.430 views

CVE-2022-21460

CVE-2022-21460 affects the Oracle MySQL Server, component Server: Logging . Affected versions include MySQL 5.7.37 and earlier and 8.0.28 and earlier. The vulnerability can be exploited by a highly privileged attacker over the network via multiple protocols to gain unauthorized access to data or ...

4.4CVSS4.3AI score0.01359EPSS
CVE
CVE
added 2023/07/18 8:18 p.m.430 views

CVE-2023-22006

CVE-2023-22006 affects Oracle Java SE (Networking) and GraalVM variants; listed affected versions include Oracle Java SE 11.0.19, 17.0.7, 20.0.1; GraalVM EE 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK 17.0.7 and 20.0.1. The vulnerability is hard to exploit and requires network access via multiple pr...

3.1CVSS4.2AI score0.00866EPSS
Total number of security vulnerabilities971