169 matches found
CVE-2018-3283
CVE-2018-3283 is mapped to Oracle MySQL Server: Logging vulnerability. Connected Red Hat entry RHSA-2018:3655 confirms affected components and notes that affected MySQL server components require a security update; remediation is provided via updated MySQL packages (e.g., for the RHSA advisory, up...
CVE-2018-3276
CVE-2018-3276 affects the Oracle MySQL Server component (subcomponent: Server: Memcached). Affected are MySQL versions 5.6.41 and prior, 5.7.23 and prior, and 8.0.12 and prior. The vulnerability allows a high-privilege attacker with network access via multiple protocols to compromise the MySQL Se...
CVE-2018-3203
CVE-2018-3203 affects Oracle MySQL Server (Server: Optimizer). A vulnerability in the Server: Optimizer could be exploited by a low-privilege, network-accessible attacker to cause a hang or frequent, repeatable crashes (DoS). Affected are MySQL Server versions up to 8.0.12 and earlier. The initia...
CVE-2018-3212
CVE-2018-3212 affects Oracle MySQL Server, subcomponent Server: Information Schema. Affected versions are 8.0.12 and prior. An attacker with network access and high privileges can cause a denial of service via hang or crash of the MySQL Server. Connected Fedora notices indicate this CVE was fixed...
CVE-2018-3247
CVE-2018-3247 affects Oracle MySQL Server, subcomponent Server: Merge. Affected versions are MySQL 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. The vulnerability can be exploited by a high-privilege attacker with network access via multiple protocols to cause a hang or frequent...
CVE-2019-2502
CVE-2019-2502 affects Oracle MySQL Server (InnoDB). Affected versions are 8.0.13 and earlier. The vulnerability can be exploited by a high-privilege attacker with network access via multiple protocols to cause a hang or frequent crash (DoS) of MySQL Server. The provided documents do not include e...
CVE-2018-3145
CVE-2018-3145 affects Oracle MySQL Server (Server: Parser) with impact on availability. Affected: MySQL Server 8.0.12 and earlier; vulnerability allows a low-privilege, network-accessible attacker to trigger a hang or frequent crash (DoS) via multiple protocols. CVSS 3.0 base score 6.5 (AV:N/AC:L...
CVE-2019-2513
CVE-2019-2513 affects Oracle MySQL Server Shell in MySQL 8.0.13 and earlier. A low-privilege, locally authenticated attacker who can log on to the infrastructure where MySQL Server runs can compromise the server, with successful attacks enabling read access to a subset of data. The vulnerability ...
CVE-2018-3137
CVE-2018-3137 : In Oracle MySQL, the MySQL Server component (Server: Optimizer) is affected. Affected versions are 8.0.12 and earlier. An attacker with network access via multiple protocols and low privileges can remotely cause the server to hang or crash (denial of service). CVSS v3.1 base score...
CVE-2018-3285
CVE-2018-3285 is a vulnerability in the MySQL Server component of Oracle MySQL (Server: Windows). Affected versions are 8.0.12 and prior. It allows a high-privileged attacker with network access via multiple protocols to cause a hang or a frequently repeating crash (complete DOS) of MySQL Server....
CVE-2015-7871
CVE-2015-7871 is an authentication-bypass vulnerability in ntpd caused by handling of crypto-NAK packets. A remote, unauthenticated attacker could force ntpd to peer with attacker-controlled time sources, bypassing authentication and potentially tampering time data. Affected series include NTP 4....
CVE-2018-3280
CVE-2018-3280 affects the MySQL Server component (Server: JSON) of Oracle MySQL. Affected products/versions: MySQL 8.0.12 and earlier. The vulnerability allows a highly privileged attacker who can access the server over multiple network protocols to cause a hang or a frequent, repeatable crash of...
CVE-2018-3286
CVE-2018-3286 affects Oracle MySQL Server (Server: Security: Privileges). Affected: MySQL 8.0.12 and earlier. Description from multiple sources: vulnerability allows a low-privileged, network-accessing attacker to modify data in MySQL Server through various protocols, with impact described as una...
CVE-2019-2426
CVE-2019-2426 affects Oracle Java SE Networking. Affected: Java SE 7u201, 8u192, 11.0.1; Java SE Embedded 8u191. Attack requires network access and can lead to unauthorized read access to a subset of Java SE data. Root cause: vulnerability in the Java SE Networking component that can be exploited...
CVE-2018-2973
CVE-2018-2973 is an Oracle Java SE/JSSE vulnerability affecting Java SE: 6u191, 7u181, 8u172, 10.0.1 and Java SE Embedded: 8u171. It can be exploited over the network with SSL/TLS by an unauthenticated attacker to cause unauthorized data modifications (integrity impact). Affected deployments load...
CVE-2017-7657
CVE-2017-7657 affects Eclipse Jetty: transfer-encoding chunk size parsing could overflow an integer, causing large chunks to be treated as smaller ones and enabling a fake pipelined request that bypasses intermediary authorization. Affected versions include Jetty 9.2.x and older, 9.3.x (all confi...
CVE-2018-3170
CVE-2018-3170 affects Oracle MySQL Server (Server: DDL). Affected: MySQL 8.0.12 and earlier. Description from multiple sources confirms a high-privilege attacker with network access via multiple protocols can cause a hang or complete denial of service (DOS) on MySQL Server. Several connected advi...
CVE-2018-3279
CVE-2018-3279 affects Oracle MySQL Server (subcomponent: Server: Security: Roles). Affected versions are 8.0.12 and earlier. The vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or frequent crash (DoS) of MySQL Server. CVSS 3.0 base score ...
CVE-2018-3195
CVE-2018-3195 affects Oracle MySQL Server, specifically the Server: DDL subcomponent. The connected advisory for this CVE confirms affected versions are 8.0.12 and prior. The vulnerability can be exploited by a high-privileged attacker who can access the server over multiple network protocols, an...
CVE-2018-2938
CVE-2018-2938 concerns a vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Affected versions are Java SE: 6u191, 7u181, and 8u172. The vulnerability is described as difficult to exploit but capable of allowing an unauthenticated attacker with network access via mul...
CVE-2018-3186
CVE-2018-3186 affects Oracle MySQL Server (Server: Optimizer) prior to or including 8.0.12. An attacker with high privileges and network access via multiple protocols can cause a hang or crash (DoS) in MySQL Server. The provided documents specify the vulnerable component and impact but do not inc...
CVE-2018-3182
CVE-2018-3182 affects the MySQL Server component (Server: DML). Affected versions are 8.0.12 and prior. An attacker with network access and low privileges via multiple protocols can cause the MySQL Server to hang or crash (DoS). CVSS 3.0 base score is 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Th...
CVE-2016-8610
CVE-2016-8610 is a denial-of-service flaw in OpenSSL affecting TLS/SSL alert packet processing during handshakes. The issue exists in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, enabling a remote attacker to cause high CPU usage and denial of service by sending many alert messages. Con...
CVE-2017-10355
CVE-2017-10355 is documented across multiple openJDK/OpenJDK-derived advisories (CentOS, Debian, Amazon, IBM, etc.) as a networking vulnerability in the FtpClient component of OpenJDK’s Java SE/Java SE Embedded. Technical details in connected sources specify that the FtpClient did not set default...
CVE-2018-2940
CVE-2018-2940 affects Oracle Java SE and Java SE Embedded Libraries. Affected: Java SE 6u191, 7u181, 8u172, 10.0.1; Java SE Embedded 8u171. Underlying issue in the Libraries component allows an unauthenticated, network-accessible attacker to read data from Java deployments that load untrusted cod...
CVE-2018-2813
CVE-2018-2813 is reported in the F5 AWS advisory as a MySQL Server (subcomponent: Server: DDL) vulnerability. Affected are Oracle MySQL/MariaDB lineage versions 5.5.59 and prior, 5.6.39 and prior, and 5.7.21 and prior. The issue: a low-privileged attacker with network access can compromise MySQL ...
CVE-2017-10102
CVE-2017-10102 is a remotely exploitable issue in Oracle Java SE and Java SE Embedded (RMI subcomponent) affecting Java SE 6u151, 7u141, 8u131 and Java SE Embedded 8u131. A remote attacker could compromise the target via API data handling over network access, potentially taking over the Java runt...
CVE-2017-10345
CVE-2017-10345 affects Oracle Java SE/Embedded/JRockit serialization. The vulnerability allows an unauthenticated attacker with network access to compromise the target, potentially causing a partial denial of service; exploitation is difficult and may require human interaction. Affected versions ...
CVE-2017-10115
CVE-2017-10115 is a covert timing-channel vulnerability in the DSA implementation of the JCE in OpenJDK/OpenJRE/JRockit, affecting Java SE 6u151, 7u141, 8u131 and related packages (e.g., OpenJDK 7 on Debian/Ubuntu, RHEL/CentOS, Arch Linux advisories). A remote attacker could potentially exploit t...
CVE-2017-10135
CVE-2017-10135 is a timing-channel vulnerability in the PKCS#8 implementation of the JCE component of OpenJDK/OpenJDK-derived JREs. Public sources in the dataset describe it as a covert timing channel flaw that could enable a remote attacker to glean information about the private key via timing a...
CVE-2017-10268
CVE-2017-10268 affects Oracle MySQL Server (Server: Replication) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability allows a high-privilege attacker with logon to the infrastructure where MySQL Server executes to compromise the server, potenti...
CVE-2017-10356
CVE-2017-10356 affects OpenJDK/OpenJDK Security component. The root cause is weak password-based encryption keys used to protect private keys stored in keystores, enabling an unauthenticated attacker with sufficient access to compromise protected data. Affected: Java SE components (OpenJDK/OpenJD...
CVE-2017-10281
CVE-2017-10281 affects Oracle/OpenJDK components (Java SE, Java SE Embedded, JRockit) with the Serialization subcomponent. The vulnerability is exploitable remotely via network protocols and can be triggered by sandboxed Web Start/Applet use or by supplying data to APIs, potentially causing parti...
CVE-2017-10087
CVE-2017-10087 is a vulnerability in Oracle Java SE/Java SE Embedded Libraries affecting Java SE 6u151, 7u141, and 8u131, and Java SE Embedded 8u131. The issue is an access-control bypass in the Libraries component that could allow a network-facilitated, unauthenticated attacker to take control o...
CVE-2017-10295
CVE-2017-10295 affects OpenJDK (Java SE/Java SE Embedded) Networking: HttpURLConnection/HttpsURLConnection failed to detect newline characters in URLs, enabling potential HTTP header injection via attacker-provided URLs. Public notices in connected docs show affected package openjdk-7/openjdk-8 w...
CVE-2017-10350
CVE-2017-10350 is an OpenJDK/Oracle Java SE vulnerability in the JAX-WS subcomponent that could allow an unauthenticated network attacker to cause a partial denial of service in Java SE/Java SE Embedded deployments (clients loading untrusted code in sandbox). Affected versions per initial descrip...
CVE-2017-10116
CVE-2017-10116 affects Oracle Java SE / Java SE Embedded / JRockit (OpenJDK-related vulnerabilities also reflected in various advisories). The vulnerability arises in the Security component’s LDAPCertStore where LDAP referrals to arbitrary URLs could be used by an unauthenticated network attacker...
CVE-2017-10388
CVE-2017-10388 affects the OpenJDK Kerberos client: the sname field from the plain-text KDC reply was used instead of the encrypted part, enabling a potential MITM impersonation of Kerberos services for Java applications acting as Kerberos clients. This vulnerability is documented across multiple...
CVE-2017-10067
CVE-2017-10067 affects Java SE Security in OpenJDK (targets: Java 6u151, 7u141, 8u131). The vulnerability allows a network-accessing, unauthenticated attacker to take control of the Java runtime via multiple protocols; exploitation requires user interaction. Impact aligns with the CVSS 3.0 base s...
CVE-2018-1258
CVE-2018-1258 affects Spring Framework 5.0.5 when used with any Spring Security version, enabling an authorization bypass for method security. An unauthorized user could access restricted methods. The connected advisory from F5 reiterates the same vulnerability description and lists affected prod...
CVE-2017-10348
CVE-2017-10348 affects OpenJDK/OpenJDK-derived Java SE/Embedded libraries. The vulnerability, exploitable over the network by unauthenticated attackers, can lead to a partial denial of service on Java SE and Java SE Embedded. Public details in the provided materials indicate affected versions var...
CVE-2017-10090
CVE-2017-10090 affects Oracle/OpenJDK libraries (Java SE and Java SE Embedded). The connected documents confirm affected components and versions (Java SE: 7u141, 8u131; Java SE Embedded: 8u131) and describe the root cause as gaps in the Libraries/RMI-related areas that can bypass sandbox restrict...
CVE-2017-10346
CVE-2017-10346 is an OpenJDK/Java SE vulnerability affecting multiple OpenJDK components (Hotspot, OpenJDK sandboxes) across affected Java versions (OpenJDK6/7/8/9 in various advisories). The public records in connected documents indicate the issue includes bypassing Java sandbox restrictions via...
CVE-2017-10243
CVE-2017-10243 affects Oracle Java SE, Java SE Embedded, and JRockit (JAX-WS subcomponent). Affected: Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131; JRockit R28.3.14. Exploitation: unauthenticated attacker with network access via multiple protocols can read a subset of data and cause a part...
CVE-2017-10285
CVE-2017-10285 is confirmed to affect Oracle/OpenJDK Java SE and Java SE Embedded, specifically the RMI (Remote Method Invocation) component. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE/Embedded, with exploitation described...
CVE-2017-10081
CVE-2017-10081 is a Sandbox/Access-Restriction bypass in the Hotspot component of OpenJDK. Affected Java runtimes include Java SE 6u151, 7u141, and 8u131 (Java SE Embedded 8u131). Several connected advisories note this as part of a broader OpenJDK set of issues (RMI, JAXP, ImageIO, Libraries, AWT...
CVE-2017-10378
CVE-2017-10378 affects the MySQL Server component (Server: Optimizer) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.11 and earlier. The vulnerability is exploitable remotely over multiple protocols by a low-privilege user and can cause the MySQL Server to hang or crash (D...
CVE-2017-10109
CVE-2017-10109 concerns a serialization flaw in Oracle/OpenJDK Java SE components (Java SE, Java SE Embedded, JRockit). The vulnerability, tied to the Serialization subcomponent, can allow an unauthenticated, network-scoped attacker to trigger a denial of service (partial DoS) by loading untruste...
CVE-2017-10096
CVE-2017-10096 – OpenJDK/JAXP vulnerability (CWE-style) shows a flaw in the Java SE/Java SE Embedded stack, specifically the JAXP component. Affected are Oracle Java SE versions 6u151, 7u141, 8u131 and Java SE Embedded 8u131. The vulnerability can allow an unauthenticated attacker with network ac...
CVE-2017-10101
CVE-2017-10101 is a concrete OpenJDK/OpenJDK JAXP vulnerability. Affected: Java SE (6u151, 7u141, 8u131) and Java SE Embedded (8u131). Issue: untrusted code loaded in sandboxed deployments can bypass protections and lead to full takeover of Java SE/Embedded via JAXP. Exploitation is network-based...