743 matches found
CVE-2018-3074
CVE-2018-3074 affects Oracle MySQL Server (Server: Security: Roles). Affected: MySQL 8.0.11 and earlier. Underlying issue: vulnerability in Roles subcomponent can allow a low-privileged, network-access attacker to cause a denial of service (hangs/crashes) in MySQL Server via multiple protocols. I...
CVE-2018-3075
Oracle MySQL Server (Server: Security: Privileges) is affected by CVE-2018-3075 in MySQL 8.0.11 and earlier. The vulnerability, described across IBM/IBM Guardium sources, enables a high-privilege attacker with network access via multiple protocols to compromise the MySQL Server and can result in ...
CVE-2019-13118
CVE-2019-13118 affects libxslt 1.1.33, where a too-narrow type holding grouping characters in xsl:number can pass an invalid character/length to xsltNumberFormatDecimal, causing a read of uninitialized stack data (stack overflow vulnerability). Connected Apple advisories (HT210351, HT210346, HT21...
CVE-2020-14771
CVE-2020-14771 describes an LDAP Auth access-control vulnerability in Oracle MySQL Server. Affected: MySQL Server versions 5.7.31 and earlier, 8.0.21 and earlier. The issue is exploitable by an authenticated attacker with network access via multiple protocols and can lead to partial denial of ser...
CVE-2022-21632
CVE-2022-21632 affects Oracle MySQL Server 8.0.30 and earlier. Vulnerability in Server: Security: Privileges enables a high-privilege attacker with network access via multiple protocols to cause a hang or frequent crash (DoS). CVSS 3.1 base score 4.9 (Availability). Remediation observed in downst...
CVE-2024-21062
The CVE-2024-21062 entry corresponds to a vulnerability in Oracle MySQL Server (Server: Optimizer). The connected documentation confirms affected versions are 8.0.36 and prior and 8.3.0 and prior, with exploitation possible over the network by a high-privilege attacker, potentially causing a hang...
CVE-2018-3079
CVE-2018-3079 affects the Oracle MySQL Server InnoDB component. The vulnerability exists in MySQL 8.0.11 and earlier. An authenticated, high-privilege attacker who can reach the server over network (via multiple protocols) can trigger a denial of service, causing the server to hang or crash (A: H...
CVE-2018-3084
CVE-2018-3084 affects Oracle MySQL Server (Shell: Core/Client). Affects 8.0.11 and earlier; a low-privileged user with logon can exploit to cause partial denial of service. Exploitation requires user interaction; CVSSv3 base score 2.8 (LOW). Remediation: upgrade Oracle MySQL to patched versions p...
CVE-2019-16942
CVE-2019-16942 affects FasterXML jackson-databind 2.0.0–2.9.10. When Default Typing is enabled for an externally exposed JSON endpoint and the service includes the commons-dbcp 1.4 jar on the classpath, with an accessible RMI endpoint, the vulnerability can allow execution of a malicious payload ...
CVE-2020-11612
Netty CVE-2020-11612 affects Netty 4.1.x before 4.1.46, where ZlibDecoders may allocate memory without bounds while decoding a ZlibEncoded stream, potentially exhausting server memory. Affected product: Netty 4.1.x (ZlibDecoders). Remediation: upgrade to Netty 4.1.46.Final or later. The documents...
CVE-2022-21330
CVE-2022-21330 affects Oracle MySQL Cluster (Cluster: General). Affected versions include 7.5.24 and earlier, 7.6.20 and earlier, and 8.0.27 and earlier. The vulnerability requires physical access to the hardware’s communication segment and user interaction from another person, with exploitation ...
CVE-2022-21318
CVE-2022-21318 affects Oracle MySQL Cluster (Cluster: General). Affected versions are 7.6.20 and earlier, and 8.0.27 and earlier. The vulnerability is described as difficult to exploit with high-privilege attacker access to the MySQL Cluster infrastructure, potentially leading to takeover of the ...
CVE-2024-20998
CVE-2024-20998 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 8.0.36 and prior and 8.3.0 and prior. The vulnerability can be exploited over the network by a high-privileged attacker to cause a hang or crash (complete DOS). Remediation observed in published advis...
CVE-2022-21317
CVE-2022-21317 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.34 and earlier, 7.5.24 and earlier, 7.6.20 and earlier, and 8.0.27 and earlier. Root cause enables a high-privilege attacker with access to the hardware network segment to read data from the MySQL Cluster and c...
CVE-2024-21000
CVE-2024-21000 affects Oracle MySQL Server (Server: Security: Privileges). The vulnerability is present in affected MySQL Server components for versions 8.0.36 and prior, and 8.3.0 and prior. Exploitation is possible with network access via multiple protocols and requires high privileges; success...
CVE-2024-21008
CVE-2024-21008 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL Server versions 8.0.36 and prior, and 8.3.0 and prior. Attackers with network access via multiple protocols and high privileges can cause a hang or a crash (DoS). The information in connected sources corroborates the ...
CVE-2024-21060
CVE-2024-21060 affects Oracle MySQL Server (Server: Data Dictionary). Affected versions: 8.0.36 and prior, 8.3.0 and prior. An attacker with high privileges and network access via multiple protocols can cause a hang or frequent crash (DoS). The vulnerability is described as easily exploitable. Pu...
CVE-2018-3286
CVE-2018-3286 affects Oracle MySQL Server (Server: Security: Privileges). Affected: MySQL 8.0.12 and earlier. Description from multiple sources: vulnerability allows a low-privileged, network-accessing attacker to modify data in MySQL Server through various protocols, with impact described as una...
CVE-2022-21360
CVE-2022-21360 affects Oracle Java SE and Oracle GraalVM Enterprise Edition (ImageIO component). Affected: Oracle Java SE 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition 20.3.4 and 21.3.0. Description: an easily exploitable, unauthenticated remote vulnerability could allow partia...
CVE-2023-21935
CVE-2023-21935 affects Oracle MySQL Server (Server: Optimizer) in 8.0.32 and earlier; exploit leads to high-privilege remote denial of service (hangs/crashes). Mitigation is upgrading to a patched MySQL 8.0.x release (vendor advisories and distro updates list 8.0.33+ and newer, e.g., Fedora/AlmaL...
CVE-2024-20993
CVE-2024-20993 affects Oracle MySQL Server, specifically the Optimizer component. Affected versions are MySQL 8.0.35 and earlier and 8.2.0 and earlier. The vulnerability is exploitable by an attacker with network access via multiple protocols and is described as capable of causing a hang or a fre...
CVE-2018-3066
CVE-2018-3066 affects the MySQL Server component (subcomponent: Server: Options) and is disclosed across multiple advisories. Affected versions include 5.5.60 and earlier, 5.6.40 and earlier, and 5.7.22 and earlier. The vulnerability is described as difficult to exploit, requiring network access ...
CVE-2018-3080
CVE-2018-3080 : Oracle MySQL Server (DDL subcomponent) is affected in 8.0.11 and earlier. The vulnerability, described as a server-side issue in the DDL path, can be exploited by a highly privileged attacker with network access via multiple protocols to trigger a hang or crash of MySQL Server, re...
CVE-2019-2426
CVE-2019-2426 affects Oracle Java SE Networking. Affected: Java SE 7u201, 8u192, 11.0.1; Java SE Embedded 8u191. Attack requires network access and can lead to unauthorized read access to a subset of Java SE data. Root cause: vulnerability in the Java SE Networking component that can be exploited...
CVE-2020-2816
CVE-2020-2816 affects Oracle Java SE JSSE in Java SE 11.0.6 and 14. The vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Java SE, potentially enabling unauthorized creation, deletion, or modification of data in Java SE‑accessible data. The description n...
CVE-2022-21280
The CVE-2022-21280 entry refers to Oracle MySQL Cluster (Component: Cluster: General). Affected versions are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The vulnerability is described as difficult to exploit, requiring access to the physical communication segment a...
CVE-2022-21323
CVE-2022-21323 affects Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster products prior to 7.5.24, 7.6.20, and 8.0.27. The issue allows a high-privilege attacker with access to the physical communication segment to compromise the cluster, enabling unauthorized read access to a subs...
CVE-2022-21357
CVE-2022-21357 affects Oracle MySQL Cluster (Cluster: General). Affected: 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, 8.0.27 and prior. Reported impact: unauthorized read of a subset of MySQL Cluster data and partial denial of service. Exploitation details vary by source, but public rec...
CVE-2022-21334
CVE-2022-21334 affects Oracle MySQL Cluster (Cluster: General) with affected versions 8.0.27 and earlier. The vulnerability is described as potentially leading to takeover of MySQL Cluster with a requirement for user interaction and access to the physical communication segment, and it is characte...
CVE-2022-21355
CVE-2022-21355 affects Oracle MySQL Cluster (Cluster: General). Public sources enumerate affected versions: 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. Several connected documents describe this as a buffer overflow vulnerability in MySQL Cluster, with the potential...
CVE-2022-21600
CVE-2022-21600 affects Oracle MySQL Server (Server: Optimizer). Affected: 8.0.27 and earlier. Exploitation by a high-privilege attacker with network access via multiple protocols can lead to takeover of the MySQL Server. CVSS v3.1 base score 7.2 (C/H I/H A/H). Remediation per advisory sources inc...
CVE-2024-21051
CVE-2024-21051 concerns Oracle MySQL Server (component: Server: DML). Affected are 8.0.34 and earlier. The vulnerability is exploitable by an attacker with network access through multiple protocols and can lead to a hang or frequently repeatable crash (complete DoS) of MySQL Server. The CVSSv3.1 ...
CVE-2018-2973
CVE-2018-2973 is an Oracle Java SE/JSSE vulnerability affecting Java SE: 6u191, 7u181, 8u172, 10.0.1 and Java SE Embedded: 8u171. It can be exploited over the network with SSL/TLS by an unauthenticated attacker to cause unauthorized data modifications (integrity impact). Affected deployments load...
CVE-2018-3073
CVE-2018-3073 affects Oracle MySQL Server (Server: Optimizer). Affected are MySQL 8.0.11 and earlier. The vulnerability could be exploited by a low-privilege, network-authenticated attacker via multiple protocols to cause a hang or frequent crash of MySQL Server (denial of service, high Availabil...
CVE-2018-3078
CVE-2018-3078 affects Oracle MySQL Server (Server: DDL) with affected versions 8.0.11 and earlier. The vulnerability can be exploited by a high-privilege attacker who can access the server over multiple network protocols to cause the MySQL Server to hang or crash (complete DoS). If exploiting det...
CVE-2022-21356
The CVE-2022-21356 entry concerns Oracle MySQL Cluster (Cluster: General). Affected versions include 7.4.34 and earlier, 7.5.24 and earlier, 7.6.20 and earlier, and 8.0.27 and earlier. The vulnerability appears to allow a high-privilege attacker with access to the physical communication segment t...
CVE-2018-3082
CVE-2018-3082 affects Oracle MySQL’s MySQL Server component, specifically the Server: DDL subcomponent. Affected are MySQL 8.0.11 and earlier. An attacker with network access via multiple protocols and high privileges can read a subset of MySQL Server data due to the vulnerability. The issue is a...
CVE-2018-3170
CVE-2018-3170 affects Oracle MySQL Server (Server: DDL). Affected: MySQL 8.0.12 and earlier. Description from multiple sources confirms a high-privilege attacker with network access via multiple protocols can cause a hang or complete denial of service (DOS) on MySQL Server. Several connected advi...
CVE-2019-14379
CVE-2019-14379 affects FasterXML jackson-databind prior to 2.9.9.2, where default typing mishandling when ehcache is present (via net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup) leads to remote code execution. Affected component is jackson-databind’s data-binding implementatio...
CVE-2022-23913
CVE-2022-23913 affects Apache ActiveMQ Artemis, specifically versions prior to 2.20.0 or 2.19.1. The issue allows an attacker to partially disrupt availability (DoS) through uncontrolled memory/resource consumption. This conclusion is drawn from the CVE entry and the IBM security bulletin that li...
CVE-2024-21049
CVE-2024-21049 affects Oracle MySQL Server (Server: DML). Affected: MySQL Server 8.0.34 and earlier. Attackers with network access via multiple protocols and with high privileges can cause a hang or frequent crash (DoS). Public details in connected docs confirm the vulnerability class and impact;...
CVE-2018-3279
CVE-2018-3279 affects Oracle MySQL Server (subcomponent: Server: Security: Roles). Affected versions are 8.0.12 and earlier. The vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or frequent crash (DoS) of MySQL Server. CVSS 3.0 base score ...
CVE-2022-21312
CVE-2022-21312 affects the MySQL Cluster component of Oracle MySQL. Affected versions are 7.4.34 and earlier, 7.5.24 and earlier, 7.6.20 and earlier, and 8.0.27 and earlier. The vulnerability can be exploited by a highly privileged attacker with access to the physical network segment attached to ...
CVE-2022-21314
The CVE-2022-21314 entry concerns Oracle MySQL Cluster (component: Cluster: General). Affected versions are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The vulnerability allows a highly privileged attacker with access to the hardware’s physical communication segmen...
CVE-2024-21061
CVE-2024-21061 affects Oracle MySQL’s server-side Audit Plug-in in MySQL Server. Affected versions are 8.0.35 and earlier and 8.2.0 and earlier. The vulnerability enables a high-privilege attacker who can reach the server over network protocols to cause a hang or frequently repeatable crash (comp...
CVE-2018-2767
CVE-2018-2767 affects Oracle MySQL Server (subcomponent: Server: Security: Encryption). Affected are MySQL Server versions 5.5.60 and earlier, 5.6.40 and earlier, and 5.7.22 and earlier. The vulnerability allows a low-privilege attacker who can reach the server over multiple network protocols to ...
CVE-2018-3195
CVE-2018-3195 affects Oracle MySQL Server, specifically the Server: DDL subcomponent. The connected advisory for this CVE confirms affected versions are 8.0.12 and prior. The vulnerability can be exploited by a high-privileged attacker who can access the server over multiple network protocols, an...
CVE-2023-21911
CVE-2023-21911 affects Oracle MySQL Server (InnoDB) with vulnerable versions 8.0.32 and earlier. The advisory states the issue allows a high-privilege attacker, over the network via multiple protocols, to cause a hang or crash (complete DoS) of MySQL Server. Exploitation details are not provided ...
CVE-2018-2938
CVE-2018-2938 concerns a vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Affected versions are Java SE: 6u191, 7u181, and 8u172. The vulnerability is described as difficult to exploit but capable of allowing an unauthenticated attacker with network access via mul...
CVE-2022-21309
The CVE-2022-21309 entry concerns Oracle MySQL Cluster (Cluster: General). Affected are MySQL Cluster versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The vulnerability is exploitable only by a high-privilege attacker with access to the hardware’s physical comm...