971 matches found
CVE-2022-21305
CVE-2022-21305 is present across multiple Oracle Java SE and GraalVM Enterprise Edition components (Hotspot, Serialization, JAXP, ImageIO, Libraries, 2D/3D) affecting Java versions 7u321, 8u311, 11.0.13, 17.0.1 (and GraalVM EE 20.3.4/21.3.0). Public advisories describe unauthenticated network-bas...
CVE-2024-21047
CVE-2024-21047 affects Oracle MySQL Server (InnoDB) with affected versions 8.0.36 and earlier and 8.3.0 and earlier. It enables a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DOS). Several sources (NVD/NASL references via Tenable/TSSA advisories) co...
CVE-2020-2627
CVE-2020-2627 affects MySQL Server (Oracle MySQL), specifically the Parser component in MySQL 8.0.18 and earlier. The vulnerability is described as easily exploitable with network access via multiple protocols, potentially causing the MySQL Server to hang or crash (complete DOS) via the Parser. C...
CVE-2020-2903
CVE-2020-2903 affects Oracle MySQL Server (Server: Connection Handling). Affected: MySQL 8.0.19 and earlier. Exploitation requires network access and a high-privilege attacker can cause a hang or crash (DoS) via multiple protocols. CVSS v3 base 4.9 (A: High). Remediation: upgrade to a fixed relea...
CVE-2021-2298
CVE-2021-2298 affects Oracle MySQL Server, component Server: Optimizer, with affected versions 8.0.23 and earlier. It is a network-exploitable issue where a low-privileged attacker can cause a hang or frequent crash (DoS). Evidence across sources confirms the vulnerability details and the potenti...
CVE-2021-29489
Highcharts JS (charting library) versions 8 and earlier are vulnerable to cross-site scripting due to inadequate filtering of the chart options structure for XSS vectors. The vulnerability can allow execution of untrusted script in the end user’s browser if the configuration contains malicious in...
CVE-2020-14553
CVE-2020-14553 affects Oracle MySQL Server (Server: Pluggable Auth) with versions 5.7.30 and prior and 8.0.20 and prior. The vulnerability allows a low-privilege, network-accessible attacker to perform unauthorized updates to MySQL data (I:LOW, A:N) via multiple protocols. Public sources confirm ...
CVE-2020-14828
CVE-2020-14828 affects Oracle MySQL Server (Server: DML) and is detailed in related documents as affecting MySQL 8.0.21 and earlier. The vulnerability is described as easily exploitable, allowing a high-privilege attacker with network access via multiple protocols to take over the MySQL Server, w...
CVE-2021-2179
CVE-2021-2179 affects Oracle MySQL Server (component: Server: Group Replication Plugin). Affected versions include MySQL 5.7.33 and earlier and 8.0.23 and earlier. The vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or frequent crash (DoS...
CVE-2021-2304
CVE-2021-2304 affects Oracle MySQL Server (Server: Stored Procedure) in MySQL 8.0.23 and earlier. The underlying issue enables a high-privilege attacker, over network via multiple protocols, to cause a hang or crash (DoS) and to perform unauthorized updates/deletes on accessible data. Patches exi...
CVE-2022-21824
CVE-2022-21824 is a prototype pollution vulnerability in Node.js linked to console.table properties. It affects Node.js prior to patched releases and can be triggered when user-controlled data is passed as the first parameter with a plain object containing an own property such as proto . Public a...
CVE-2019-2991
CVE-2019-2991: A vulnerability in Oracle MySQL Server (Server: Optimizer) affects MySQL 8.0.x
CVE-2019-3011
CVE-2019-3011 affects Oracle MySQL Server (Server: C API). Affected versions are 8.0.17 and prior; attacker with network access via multiple protocols can cause MySQL Server to hang or crash (DoS). Multiple connected advisories reference this CVE within the MySQL 8.0 stack (InnoDB/C API/Parser/et...
CVE-2020-2601
CVE-2020-2601 affects Oracle Java SE and Java SE Embedded Security components. Affected Java SE: 7u241, 8u231, 11.0.5, 13.0.1; Java SE Embedded: 8u231. Root cause is a Kerberos-related issue that can be exploited by an unauthenticated attacker with network access, potentially allowing access to s...
CVE-2020-2755
CVE-2020-2755 is reported in the Oracle Java SE scripting component affecting Java SE 8u241, 11.0.6 and 14 (and Java SE Embedded 8u241). The vulnerability allows an unauthenticated attacker with network access to cause a partial denial of service in Java SE/Java SE Embedded. The CVSS base score i...
CVE-2021-2164
CVE-2021-2164 affects Oracle MySQL Server (Server: Optimizer) with affected versions up to 8.0.23. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or a repeatable crash (DoS). Connected advisories indicate a fix is available in later M...
CVE-2021-2301
CVE-2021-2301 affects Oracle MySQL Server (component: Server: Information Schema). Public records show affected versions up to 8.0.23. The vulnerability allows a high-privilege attacker with network access via multiple protocols to obtain unauthorized read access from the Information Schema data....
CVE-2021-2305
CVE-2021-2305 affects Oracle MySQL Server (component: Server: DML) and impacts users running MySQL Server 8.0.23 and earlier. The vulnerability arises in the Server: DML area and can be exploited by a high-privilege attacker with network access via multiple protocols, potentially allowing the att...
CVE-2021-2308
CVE-2021-2308 affects Oracle MySQL Server, component Server: Information Schema. Affected: MySQL 8.0.23 and earlier. Vulnerability allows a high-privilege attacker with network access via multiple protocols to read a subset of MySQL Server data. CVSSv3.1 base score 2.7 (LOW); vector: AV:N/AC:L/PR...
CVE-2022-21299
CVE-2022-21299 is reported across multiple feeds as affecting Oracle Java SE and GraalVM Enterprise Edition, involving several components (JAXP, Serialization, Libraries, ImageIO, Hotspot, 2D). Affected Java SE versions include 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE versions 20.3.4 and 21.3.0....
CVE-2019-2967
CVE-2019-2967 is a vulnerability in Oracle MySQL Server (Server: Optimizer) affecting 8.0.17 and older. An attacker with low privileges and network access via multiple protocols can exploit it to cause a hang or crash (DoS). The exploit details and CVSS context are reflected across multiple advis...
CVE-2020-2660
CVE-2020-2660 affects Oracle MySQL's MySQL Server (component: Server: Optimizer). The cited description indicates an easily exploitable, network-accessible vulnerability allowing a high-privilege attacker to cause a hang or a frequent crash (complete DOS) of MySQL Server. Affected versions are 5....
CVE-2020-2762
CVE-2020-2762 affects Oracle MySQL Server (InnoDB) with vulnerable versions 8.0.19 and earlier. The root cause is within the InnoDB component, enabling a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS) on the MySQL Server. Impact is Availability (...
CVE-2021-2196
CVE-2021-2196 affects Oracle MySQL Server (component: Server: DML). Affected versions: 8.0.23 and earlier. An attacker with network access via multiple protocols and high privileges can cause a hang or frequent crash (DoS). No exploitation details are provided in the documents. Remediation status...
CVE-2021-2278
CVE-2021-2278 affects Oracle MySQL Server, component Server: Optimizer. Affected: MySQL 8.0.23 and prior. An attacker with high privileges and network access via multiple protocols can trigger a hang or crash of MySQL Server (complete DoS). Documents corroborate impact as a denial of service with...
CVE-2022-21496
CVE-2022-21496 affects Oracle Java SE and Oracle GraalVM Enterprise Edition across multiple components (JNDI, JAXP, Libraries, Hotspot) with listed affected versions. The vulnerability enables network-accessible, unauthenticated attackers to modify or access data (integrity/availability impacts) ...
CVE-2020-14633
CVE-2020-14633 affects Oracle MySQL Server (InnoDB) with affected versions 8.0.20 and earlier. The vulnerability enables a high-privileged attacker with network access via multiple protocols to perform unauthorized update/insert/delete on MySQL Server data. The connected advisories corroborate mu...
CVE-2020-14643
CVE-2020-14643 affects Oracle MySQL’s MySQL Server (component: Server: Security: Roles). The vulnerability targets MySQL Server versions 8.0.20 and earlier. An attacker with network access through multiple protocols and high privileges can exploit this issue to cause a hang or a frequently repeat...
CVE-2020-14829
CVE-2020-14829 affects Oracle MySQL Server (InnoDB) with vulnerable versions 8.0.21 and earlier. The flaw allows a high-privilege attacker with network access via multiple protocols to cause a hang or frequent crash (complete DoS) of MySQL Server. CVSS v3.1 base score is 4.9 (Availability impact)...
CVE-2020-2761
CVE-2020-2761 affects Oracle MySQL Server (Server: Security: Privileges) in MySQL 8.0.18 and earlier. An authenticated, high-privilege attacker with network access via multiple protocols can cause a hang or crash (DoS). Remediation is to upgrade MySQL to a version where the fix is included (per A...
CVE-2020-2774
CVE-2020-2774 affects Oracle MySQL Server 8.0.18 and earlier, involving the Server: Security: Privileges area. A high-privilege attacker with network access via multiple protocols can cause a hang or frequent crash (DoS) of MySQL Server. The available connected documents confirm the vulnerability...
CVE-2020-2805
CVE-2020-2805 is an OpenJDK/OpenJDK Libraries issue. The connected Chainguard entry states the flaw resides in the readObject() method of the MethodType class within the Libraries component of OpenJDK, which can allow an untrusted Java applet or application to bypass Java sandbox restrictions. Th...
CVE-2019-3009
CVE-2019-3009 affects Oracle MySQL Server (Server: Connection). Affected versions are 8.0.17 and earlier. The root cause, as described in the public entry and corroborated by linked advisories, is a condition that enables a high-privilege attacker who can access the server over multiple protocols...
CVE-2020-14804
CVE-2020-14804 affects Oracle MySQL Server (component: Server: FTS). Affected versions: 8.0.21 and earlier. An attacker with high privileges, over the network via multiple protocols, can cause a hang or crash (DoS) in MySQL Server. Remediation in connected docs shows upgrading to MySQL 8.0.26 (an...
CVE-2020-14848
CVE-2020-14848 affects MySQL Server (Oracle MySQL), specifically the InnoDB component. Affected products/versions: MySQL 8.0.21 and earlier. Description from connected docs: an authenticated attacker with network access via multiple protocols can exploit this to trigger a hang or a frequently rep...
CVE-2020-2895
CVE-2020-2895 affects Oracle MySQL Server, InnoDB component. Affected: MySQL 8.0.19 and earlier. Vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or crash (DoS) of MySQL Server. CVSS 3.0 base score 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)...
CVE-2021-36222
CVE-2021-36222 affects MIT Kerberos 5 (krb5) KDC: the ec_verify path in kdc/kdc_preauth_ec.c can trigger a NULL pointer dereference and daemon crash. The issue occurs in KDC processing for PA-ENCRYPTED-CHALLENGE data when not correctly handling a return value in certain situations, leading to a d...
CVE-2019-2960
CVE-2019-2960 refers to a vulnerability in Oracle MySQL Server (Server: Replication). Affected versions are MySQL 5.7.27 and prior and 8.0.17 and prior. The issue is exploitable with network access via multiple protocols by a high-privilege attacker and can lead to a hang or frequently repeatable...
CVE-2019-2963
CVE-2019-2963 affects Oracle MySQL Server (InnoDB). According to the supplied connected advisories, vulnerable versions are MySQL 8.0.17 and earlier. The vulnerability enables high-privilege, network-access attackers to cause the MySQL Server to hang or crash (denial of service). The documents do...
CVE-2019-3004
CVE-2019-3004 affects Oracle MySQL Server (component: Server: Parser). Affected: MySQL Server 8.0.17 and earlier. Description: a low-privilege, network-accessible attacker can cause a hang or as-needed crash (complete DOS) of MySQL Server via multiple protocols. Connected documents corroborate pr...
CVE-2021-2212
CVE-2021-2212 affects Oracle MySQL Server (Server: Optimizer) up to and including 8.0.23. The vulnerability exists in the optimizer component and, per sources, is exploitable by a high-privilege attacker who can reach the server over the network via multiple protocols, with the stated impact of a...
CVE-2021-35610
CVE-2021-35610 affects Oracle MySQL Server (component: Server: Optimizer) for MySQL versions 8.0.26 and earlier. The vulnerability can be triggered by a low-privileged user with network access over multiple protocols, potentially causing a hang or crash (DoS) and enabling unauthorized data update...
CVE-2019-2957
CVE-2019-2957 is a vulnerability in Oracle MySQL Server (Server: Security: Encryption) affecting MySQL 8.0.17 and earlier. The issue allows a highly privileged attacker who can reach the server over multiple network protocols to trigger a hang or crash (complete or frequent DOS) in MySQL Server. ...
CVE-2019-2993
CVE-2019-2993 is a vulnerability in Oracle MySQL’s MySQL Server, specifically the Server: C API component. Affected versions include MySQL 5.7.27 and earlier and 8.0.17 and earlier. The vulnerability is described as difficult to exploit but, if exploited by a low-privilege attacker with network a...
CVE-2020-14568
The CVE-2020-14568 issue affects Oracle MySQL Server (InnoDB) with vulnerable versions 8.0.20 and earlier. The root cause involves InnoDB-related vulnerabilities that can allow a high-privileged attacker with network access to cause a hang or a frequent crash (complete DoS) of MySQL Server via mu...
CVE-2020-14624
CVE-2020-14624 is a MySQL Server vulnerability affecting the Server: JSON component. The available documents identify affected versions as 8.0.20 and prior, with exploitation requiring network access via multiple protocols. Successful attacks can cause the MySQL Server to hang or crash (complete ...
CVE-2020-14680
CVE-2020-14680 affects Oracle MySQL Server, specifically the Server: Optimizer component. Affected are MySQL Server versions 8.0.20 and earlier . The vulnerability is exploitable remotely via multiple protocols by a low-privilege attacker , resulting in a possible hang or crash (DENIAL OF SERVICE...
CVE-2020-14782
CVE-2020-14782 affects Oracle/OpenJDK Java SE/SE Embedded libraries (notably the Certificates processing) with affected versions including Java 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261. Connected advisory data confirms multiple vendors package updates across OpenJDK variants (e.g., ALA...
CVE-2021-2172
CVE-2021-2172 affects Oracle MySQL Server (Server: DML) for 8.0.23 and earlier. An attacker with network access via multiple protocols and low privileges can cause a hang or crash (DoS). CVSSv3.1 base score 6.5 (A: High). Remediation exists in newer MySQL 8.0 releases (e.g., Fedora/AlmaLinux advi...
CVE-2021-2201
CVE-2021-2201 affects Oracle MySQL Server (Server: Partition) and is described across multiple sources as affecting MySQL 8.0.23 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS) in MySQL Server, with CVSS 3.1...