743 matches found
CVE-2022-21285
CVE-2022-21285 affects Oracle MySQL Cluster (Cluster: General) for MySQL Cluster: vulnerable in versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. Root cause details are not explicitly stated in the provided documents beyond the vulnerability description. The vul...
CVE-2022-21287
CVE-2022-21287 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, 8.0.27 and prior. The issue can allow takeover of MySQL Cluster and is described as high impact to confidentiality, integrity, and availability. Exploitation co...
CVE-2022-21329
The CVE-2022-21329 entry concerns Oracle MySQL Cluster (component: Cluster: General). Affected versions are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The vulnerability allows a high-privilege attacker with access to the hardware’s physical communication segment t...
CVE-2022-21332
CVE-2022-21332 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, 8.0.27 and prior. The vulnerability allows a high-privilege attacker with access to the hardware’s physical communication segment to takeover the MySQL Cluster,...
CVE-2022-21333
CVE-2022-21333 is a vulnerability in Oracle MySQL Cluster (Cluster: General). Affected versions include 7.4.34 and earlier, 7.5.24 and earlier, 7.6.20 and earlier, and 8.0.27 and earlier. The connected sources describe a buffer overflow in Oracle MySQL Cluster that can allow a high-privilege atta...
CVE-2023-21947
CVE-2023-21947 affects Oracle MySQL Server (component: Server: Components Services) version 8.0.32 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or a frequent, repeatable crash (complete DoS) of MySQL Server. The descrip...
CVE-2022-21288
CVE-2022-21288 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. Root cause details are not fully specified in the provided documents, but the impact is a takeover of MySQL Cluster with high privileges, ...
CVE-2022-21313
CVE-2022-21313 concerns the Oracle MySQL Cluster component (Cluster: General). The vulnerability affects MySQL Cluster in versions 7.6.20 and earlier and 8.0.27 and earlier. It is described as allowing a high-privilege attacker with access to the hardware’s physical communication segment to obtai...
CVE-2022-21315
The CVE-2022-21315 entry concerns Oracle MySQL Cluster (Cluster: General). Affected are MySQL Cluster versions 7.4.34 and earlier, 7.5.24 and earlier, 7.6.20 and earlier, and 8.0.27 and earlier. The vulnerability is exploitable by a high-privilege attacker who has access to the physical communica...
CVE-2018-12015
CVE-2018-12015 affects the Archive::Tar module in Perl (up to 5.26.2). The vulnerability lets a crafted tar archive bypass directory-traversal protection and overwrite arbitrary files when a tar contains a symlink and a regular file with the same name. Affected advisories/archives confirm the iss...
CVE-2018-3186
CVE-2018-3186 affects Oracle MySQL Server (Server: Optimizer) prior to or including 8.0.12. An attacker with high privileges and network access via multiple protocols can cause a hang or crash (DoS) in MySQL Server. The provided documents specify the vulnerable component and impact but do not inc...
CVE-2022-21307
CVE-2022-21307 affects Oracle MySQL Cluster (Cluster: General). Affected versions include 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The vulnerability arises in MySQL Cluster and, per sources, can lead to takeover of the cluster and has a CVSS 3.1 base score of 6....
CVE-2024-21056
CVE-2024-21056 affects Oracle MySQL Server (Server: DML); supported versions 8.0.34 and prior are impacted. The vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or frequent, complete denial of service of MySQL Server. CVSS 3.1 base score 4...
CVE-2024-21050
CVE-2024-21050 is a MySQL Server vulnerability (Oracle MySQL) in the Server: DML component. Affected versions are 8.0.34 and earlier. An attacker with network access and high privileges can cause the MySQL Server to hang or crash (complete DOS). The public details consistently describe the issue ...
CVE-2024-21055
CVE-2024-21055 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 8.0.35 and prior. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or a frequent, repeatable crash (complete DOS) of MySQL Server. The base...
CVE-2018-3182
CVE-2018-3182 affects the MySQL Server component (Server: DML). Affected versions are 8.0.12 and prior. An attacker with network access and low privileges via multiple protocols can cause the MySQL Server to hang or crash (DoS). CVSS 3.0 base score is 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Th...
CVE-2019-2958
CVE-2019-2958 affects Oracle Java SE and Java SE Embedded (Libraries component). Affected versions include Java SE: 7u231, 8u221, 11.0.4, 13 and Java SE Embedded: 8u221. Described vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE/Jav...
CVE-2022-21286
CVE-2022-21286 affects Oracle MySQL Cluster (Cluster: General). Affected versions are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The vulnerability can be exploited by a high-privilege attacker with access to the physical communication segment used by the MySQL Clu...
CVE-2022-21319
CVE-2022-21319 applies to Oracle MySQL Cluster (Cluster: General) and affects MySQL Cluster versions up to 8.0.27.x and earlier (also 7.x series). The vulnerability allows an attacker with access to the physical cluster network to read a subset of data and may enable partial DoS; exploitation req...
CVE-2016-8610
CVE-2016-8610 is a denial-of-service flaw in OpenSSL affecting TLS/SSL alert packet processing during handshakes. The issue exists in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, enabling a remote attacker to cause high CPU usage and denial of service by sending many alert messages. Con...
CVE-2022-21322
CVE-2022-21322 affects Oracle MySQL Cluster (component: Cluster: General). Affected are MySQL Cluster versions 8.0.27 and earlier. The vulnerability is described as high impact and difficult to exploit, requiring access to the physical network segment and user interaction, with potential takeover...
CVE-2018-2755
CVE-2018-2755 affects Oracle MySQL Server (Server: Replication) and is present in supported MySQL/MariaDB branches up to specific prior versions: 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The issue allows takeover of MySQL Server and requires logon with user interaction; imp...
CVE-2022-21289
CVE-2022-21289 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The issue is described as a vulnerability that, when exploited by a highly privileged attacker with access to the hardware’s physical comm...
CVE-2022-21290
CVE-2022-21290 affects Oracle MySQL Cluster (component: Cluster: General). Affected versions: 8.0.27 and earlier. The issue is exploitable by a high-privilege attacker with access to the physical communication segment attached to the hardware where MySQL Cluster runs, with exploitation requiring ...
CVE-2022-21320
The CVE-2022-21320 entry concerns Oracle MySQL Cluster (component: Cluster: General). Affected are versions 8.0.27 and earlier. The flaw allows takeover of MySQL Cluster and is described as difficult to exploit, requiring access to the hardware’s physical communication segment and human interacti...
CVE-2022-21308
CVE-2022-21308 affects Oracle MySQL Cluster (Cluster: General) with affected versions 8.0.27 and earlier. The vulnerability, which requires human interaction and local access to the hardware communication segment, can lead to takeover of MySQL Cluster. A fix exists: upgrade to MySQL package versi...
CVE-2022-21327
CVE-2022-21327 : Vulnerability in Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.34 and earlier, 7.5.24 and earlier, 7.6.20 and earlier, and 8.0.27 and earlier. Exploitation requires high privileges and access to the physical network segment; user interaction is required. Success...
CVE-2023-21953
CVE-2023-21953 affects Oracle MySQL Server, component Server: Partition , with affected versions 8.0.32 and prior . The connected materials confirm this is a vulnerability that an attacker with network access via multiple protocols could exploit to cause a hang or frequently repeatable crash (com...
CVE-2017-10355
CVE-2017-10355 is documented across multiple openJDK/OpenJDK-derived advisories (CentOS, Debian, Amazon, IBM, etc.) as a networking vulnerability in the FtpClient component of OpenJDK’s Java SE/Java SE Embedded. Technical details in connected sources specify that the FtpClient did not set default...
CVE-2022-21335
CVE-2022-21335 concerns Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The issue is described as difficult to exploit and requires high privileges with access to the physical communication segme...
CVE-2019-16335
CVE-2019-16335 is a vulnerability in FasterXML jackson-databind (pre-2.9.10) related to polymorphic typing in the HikariDataSource path. Connected sources confirm the affected component is jackson-databind and specifically the serialization gadgets involving com.zaxxer.hikari.HikariDataSource. Im...
CVE-2022-21284
The CVE-2022-21284 entry concerns Oracle MySQL Cluster (Cluster: General) with affected versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The vulnerability allows a high-privilege attacker who has access to the physical network segment to compromise the MySQL Cl...
CVE-2024-1635
Undertow vulnerability CVE-2024-1635 affects servers supporting the wildfly-http-client protocol. The issue arises during HTTP upgrade to remoting: WriteTimeoutStreamSinkConduit is not notified when a RemotingConnection is closed, causing timeout tasks to leak and accumulate, which leaks connecti...
CVE-2018-2940
CVE-2018-2940 affects Oracle Java SE and Java SE Embedded Libraries. Affected: Java SE 6u191, 7u181, 8u172, 10.0.1; Java SE Embedded 8u171. Underlying issue in the Libraries component allows an unauthenticated, network-accessible attacker to read data from Java deployments that load untrusted cod...
CVE-2021-22926
CVE-2021-22926 affects curl/libcurl where using CURLOPT_SSLCERT can be spoofed when libcurl uses macOS Secure Transport. A writable current working directory attacker can cause the app to select a file-based cert over a named cert, resulting in the wrong client certificate being sent in TLS hands...
CVE-2023-21929
CVE-2023-21929 affects Oracle MySQL Server (component: Server: DDL) in MySQL 8.0.32 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS) and perform unauthorized data updates/inserts/deletes on accessible data. R...
CVE-2022-21337
The CVE-2022-21337 entry concerns Oracle MySQL Cluster (Cluster: General). Affected are MySQL Cluster releases up to and including 7.4.34, 7.5.24, 7.6.20, and 8.0.27 (and prior). The vulnerability enables takeover of MySQL Cluster by a high-privilege attacker who has access to the physical commun...
CVE-2024-21053
CVE-2024-21053 affects Oracle MySQL Server (component: Server: DML). Affected: MySQL 8.0.34 and earlier. The vulnerability enables a high-privilege attacker with network access via multiple protocols to cause a hang or crash (complete DOS) of MySQL Server. Exploitation and impact details are docu...
CVE-2020-2767
CVE-2020-2767 affects Oracle Java SE JSSE: vulnerable in Java SE 11.0.6 and 14 (client/server deployment). The vulnerability allows unauthenticated network access over HTTPS to modify or read Java SE data due to TLS/JSSE handling flaws, with potential for unauthorized updates, insertions, deletio...
CVE-2020-2778
CVE-2020-2778 affects Oracle Java SE JSSE (Java 11.0.6 and 14). It can be triggered over HTTPS by unauthenticated remote attackers, potentially enabling read access to a subset of Java SE data. The related connected advisories (e.g., CentOS/RH/OpenJDK tracking) describe the issue as an incomplete...
CVE-2018-2668
CVE-2018-2668 affects the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Affected: 5.5.58 and earlier; 5.6.38 and earlier; 5.7.20 and earlier. Description across sources: a low-privilege, network-accessible attacker can exploit via multiple protocols to cause a hang or ...
CVE-2020-2768
CVE-2020-2768 affects Oracle MySQL Cluster (Cluster: General) with vulnerable MySQL Cluster versions 7.3.28 and earlier, 7.4.27 and earlier, 7.5.17 and earlier, 7.6.13 and earlier, and 8.0.19 and earlier. The vulnerability can allow a low-privileged, network-accessing attacker to cause a hang or ...
CVE-2018-2813
CVE-2018-2813 is reported in the F5 AWS advisory as a MySQL Server (subcomponent: Server: DDL) vulnerability. Affected are Oracle MySQL/MariaDB lineage versions 5.5.59 and prior, 5.6.39 and prior, and 5.7.21 and prior. The issue: a low-privileged attacker with network access can compromise MySQL ...
CVE-2022-21283
CVE-2022-21283 affects Oracle Java SE (Libraries) and GraalVM Enterprise Edition, with affected versions including Java SE 11.0.13 and 17.0.1, and GraalVM EE 20.3.4/21.3.0. The vulnerability allows unauthenticated network-based access and can cause a partial denial of service (A: PARTIAL) per CVS...
CVE-2021-46143
CVE-2021-46143 affects libexpat (Expat) in doProlog (xmlparse.c) with an integer overflow on m_groupSize prior to 2.4.3. The linked advisories and databases confirm related Expat overflow issues (and other overflow variants such as addBinding, build_model, defineAttribute, lookup, nextScaffoldPar...
CVE-2018-1000613
CVE-2018-1000613 concerns Legion of the Bouncy Castle Java Cryptography APIs (BC) 1.58–1.59 up to, but not including, 1.60. It is a CWE-470 Unsafe Reflection vulnerability in XMSS/XMSS^MT private key deserialization, which can allow a remote attacker to execute arbitrary code by crafting a privat...
CVE-2023-21919
CVE-2023-21919 affects Oracle MySQL Server (component: Server: DDL), with vulnerable versions 8.0.32 and earlier. The issue allows a high-privilege attacker who can reach the server over multiple protocols to cause a hang or crash (DoS), as reflected by the CVSS availability impact. Connected adv...
CVE-2022-21366
CVE-2022-21366 affects Oracle Java SE (ImageIO) and Oracle GraalVM Enterprise Edition. The Oracle advisory describes affected versions: Java SE 11.0.13 and 17.0.1; GraalVM EE 20.3.4 and 21.3.0. Exploitation could allow an unauthenticated network attacker to cause a partial denial of service or, d...
CVE-2021-3859
CVE-2021-3859 corresponds to an Undertow flaw that triggers a client-side invocation timeout for certain HTTP/2 calls, enabling denial-of-service conditions. Connected advisories (e.g., RHSA-2024:10207) explicitly reference Undertow and cite the issue as the cause for DoS when HTTP2 client invoca...
CVE-2022-21277
CVE-2022-21277 affects Oracle Java SE and Oracle GraalVM Enterprise Edition via ImageIO, with additional related CVEs (CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21299, CVE-2022-21305, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CV...