743 matches found
CVE-2019-2996
CVE-2019-2996 is documented in IBM security advisories as affecting IBM SDK Java Technology Edition (OpenJDK/OpenJ9) deployments used by IBM products. IBM Bulletins list the vulnerability under Java SE Deployment, affecting IBM SDK Java 7/8 (IBM Tivoli Application Dependency Discovery Manager, CI...
CVE-2020-2585
CVE-2020-2585 is referenced in connected security advisories as affecting Oracle Java SE (component JavaFX) with affected Java SE 8u231. The advisory notes that exploitation is difficult but possible by a network-access attacker through multiple protocols, potentially allowing unauthorized creati...
CVE-2018-2826
CVE-2018-2826 affects Oracle Java SE Libraries in Java SE 10. The vulnerability allows an unauthenticated network-based attacker to compromise Java SE, with potential takeover of the Java Runtime, per the description. CVSS 3.1 indicates HIGH impact (C, I, A HIGH) with NETWORK attack vector and re...
CVE-2022-39399
CVE-2022-39399 affects Oracle Java SE and GraalVM Enterprise Edition (Networking component). Affected versions: Oracle Java SE 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM EE 20.3.7, 21.3.3, 22.2.0. The vulnerability allows unauthenticated, network-based access via HTTP to compromise data integrity, p...
CVE-2017-10293
CVE-2017-10293 is a vulnerability in the Oracle Java SE Javadoc component affecting Java SE versions 6u161, 7u151, 8u144, and 9. It permits an unauthenticated attacker with network access via HTTP to potentially read and modify Java data and read data, with user interaction required for exploitat...
CVE-2019-17359
The CVE-2019-17359 entry concerns Bouncy Castle Crypto (BC Java) 1.63. The vulnerability lies in the ASN.1 parser, which can trigger a large memory allocation leading to a memory exhaustion/OutOfMemoryError via crafted ASN.1 data. Affected product: BC Java 1.63; fixed in BC Java 1.64. The issue i...
CVE-2019-2435
CVE-2019-2435 affects Oracle MySQL Connectors (Connector/Python). Affected: MySQL Connectors 8.0.13 and earlier, and 2.1.8 and earlier. Attack requires network access via TLS and user interaction; can lead to unauthorized data access or modification within MySQL Connectors. Some connected advisor...
CVE-2018-2638
CVE-2018-2638 is addressed in IBM product advisories for IBM Netezza and IBM InfoSphere Optim. The IBM Netezza Platform Software requires upgrading to 11.2.1.2 (Fix Central link provided in the bulletin). Separately, IBM InfoSphere Optim solutions (11.3.0) should apply fix pack 11.3.0.7 to mitiga...
CVE-2022-1259
CVE-2022-1259 is an Undertow-related denial-of-service issue. The root cause is an incomplete fix for CVE-2021-3629, causing potential DoS from HTTP/2 flow-control handling. Connected documents (Nessus plugin references and IBM/Red Hat advisories) confirm this in context of Undertow and note that...
CVE-2021-2014
CVE-2021-2014 is a vulnerability in Oracle MySQL Server (Server: PAM Auth Plugin) affecting 5.7.32 and earlier. An authenticated attacker with network access via multiple protocols can exploit this to cause a denial of service (hang or crash) with an availability impact. The initial data lists a ...
CVE-2021-2342
CVE-2021-2342 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 5.7.34 and earlier; 8.0.25 and earlier. Impact: high-privilege attacker on the network can cause a hang or crash (DoS) via multiple protocols; CVSS 3.1 base 4.9 (A). No explicit remediation version provided in the supp...
CVE-2022-21515
Oracle MySQL Server vulnerability CVE-2022-21515 affects MySQL Server (component: Server: Options). Affected versions: 5.7.38 and earlier; 8.0.29 and earlier. Exploitation allows a high-privilege attacker with network access via multiple protocols to cause the server to hang or crash (DoS). Conne...
CVE-2018-2941
CVE-2018-2941 affects Oracle Java SE (JavaFX) with affected products Java SE 7u181, 8u172, and 10.0.1. The vulnerability is difficult to exploit, requires network access via multiple protocols and user interaction, and can lead to takeover of Java SE. It principally concerns Java deployments runn...
CVE-2021-2385
CVE-2021-2385 affects Oracle MySQL Server, specifically the replication component. Affected versions are MySQL 5.7.34 and earlier and 8.0.25 and earlier. The issue allows a high-privilege attacker with network access (via multiple protocols) to cause a hang or crash (DoS) and may enable unauthori...
CVE-2025-0509
The CVE-2025-0509 entry concerns the Sparkle update framework. Affected software: Sparkle prior to version 2.6.4. Issue: an attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks, compromising update integrity. Impact: potential execution o...
CVE-2018-2825
CVE-2018-2825 concerns Oracle Java SE Libraries with affected Java SE 10, allowing network-based attacks that may compromise confidentiality, integrity, and availability; the exploitation requires user interaction. The connected documents largely discuss IBM-specific advisories (IBM i, Netcool Ag...
CVE-2022-21553
CVE-2022-21553 affects Oracle MySQL Server (Component: Server: Optimizer). Public sources in connected docs describe affected versions as 8.0.29 and prior, with an attacker of HIGH privileges gaining network access via multiple protocols and potentially causing a hang or frequent crashes (complet...
CVE-2020-14664
CVE-2020-14664 affects Oracle Java SE (component: JavaFX ) with affected version Java SE 8u251 . The vulnerability is exploitable over the network and can be triggered by loading untrusted code in client-side Java deployments (Web Start/applets). It requires user interaction and could lead to tak...
CVE-2022-21534
CVE-2022-21534 affects Oracle MySQL Server (Server: Stored Procedure). Affected versions are 8.0.29 and earlier. Exploitation requires network access via multiple protocols by a high-privilege attacker and can cause the MySQL Server to hang or crash (complete DOS). Remediation: upgrade to MySQL 8...
CVE-2018-2782
CVE-2018-2782 is a vulnerability in the MySQL Server component (InnoDB). Affected versions are MySQL 5.6.39 and earlier and 5.7.21 and earlier. The issue allows a low-privileged, remote attacker with network access via multiple protocols to cause the MySQL Server to hang or crash (partial/complet...
CVE-2018-2766
CVE-2018-2766 affects the MySQL Server component (InnoDB) and can lead to a complete DoS via network access. Affected versions per the initial data are MySQL 5.6.39 and earlier and 5.7.21 and earlier. Several connected advisories reference this CVE (e.g., Debian security notices, F5 advisory) but...
CVE-2018-2784
CVE-2018-2784 affects Oracle MySQL Server (InnoDB) with affected versions 5.6.39 and prior and 5.7.21 and prior. The vulnerability allows a low-privilege attacker with network access via multiple protocols to cause a hang or frequent crash (DoS). Connected advisories confirm its inclusion in mult...
CVE-2022-21569
CVE-2022-21569 concerns a vulnerability in Oracle MySQL Server (Server: Optimizer). Affected products/versions: MySQL Server 8.0.29 and earlier. The issue enables a low-privileged attacker with network access via multiple protocols to cause a hang or frequently repeatable crash (complete DoS) of ...
CVE-2023-22048
CVE-2023-22048 is a MySQL Server vulnerability in the Server: Pluggable Auth component. Affected versions are 8.0.33 and earlier. It requires network access with a low-privilege attacker and can lead to unauthorized read access to a subset of MySQL data; CVSS 3.1 Base Score is 3.1 (Low). The conn...
CVE-2018-2627
CVE-2018-2627 : Vulnerability in the Oracle Java SE component (Installer) for Windows installer only. Affected: Java SE 8u152 and 9.0.1. Exploitation is described as difficult and requires a logged-on, low-privilege user with user interaction; successful exploitation could lead to takeover of Jav...
CVE-2018-2581
CVE-2018-2581 affects Oracle Java SE (JavaFX) with Java SE versions 7u161, 8u152, and 9.0.1. An unauthenticated attacker with network access via multiple protocols can read a subset of Java SE data; exploitation requires user interaction. The issue is tied to JavaFX within client deployments (Web...
CVE-2020-1954
CVE-2020-1954 affects Apache CXF JMX integration; a MITM is possible if the createMBServerConnectorFactory setting on the InstrumentationManagerImpl is not disabled, allowing an on-host attacker to rebind the JMX registry and proxy traffic to access exchanged data. The issue is documented across ...
CVE-2022-35278
CVE-2022-35278 affects Apache ActiveMQ Artemis before 2.24.0, where HTML in the name of an address/queue can inject HTML into the web console, potentially showing malicious content or redirecting users. Red Hat AMQ Broker advisories confirm a fix in 2.24.0+ (and related advisories list the CVE). ...
CVE-2022-21522
CVE-2022-21522 affects Oracle MySQL Server, component Server: Stored Procedure . Affected versions are 8.0.29 and prior . The vulnerability is exploitable by a high-privilege attacker with network access via multiple protocols , and successful exploits can cause a hang or frequently repeatable cr...
CVE-2022-21539
CVE-2022-21539 affects Oracle MySQL Server (InnoDB) with an affected range of 8.0.29 and earlier. A low-privileged, network-accessible attacker could gain unauthorized update/insert/delete access and unauthorized read access to MySQL data, plus partial DoS of data via the InnoDB component. The vu...
CVE-2023-22005
CVE-2023-22005 affects Oracle MySQL Server, specifically the Server: Replication component, with affected versions listed as 8.0.33 and earlier. The IBM Security Guardium bulletin corroborates an unspecified vulnerability in this replication area that could allow a remote authenticated attacker t...
CVE-2022-21418
CVE-2022-21418 affects Oracle MySQL Server (InnoDB) with vulnerable versions 8.0.28 and earlier. The issue allows a high-privilege attacker with network access to cause a hang or crash (denial of service) and may enable unauthorized updates, inserts, or deletes to certain MySQL data. The connecte...
CVE-2018-2942
CVE-2018-2942 affects Oracle Java SE (Windows DLL) with vulnerable Java SE versions 7u181 and 8u172. The vulnerability is exploitable over a network via multiple protocols and can lead to Java SE takeover; exploitation requires user interaction. CVSSv3.1 base score 8.3 (HIGH) with impacts to conf...
CVE-2022-21436
Technical details about CVE-2022-21436 are not publicly provided in the connected documents. Please monitor for updates.
CVE-2022-21509
CVE-2022-21509 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 8.0.29 and earlier. The vulnerability can be exploited by a high-privileged attacker with network access via multiple protocols to cause a hang or crash (DoS) and may allow unauthorized data updates/i...
CVE-2023-22033
CVE-2023-22033 affects Oracle MySQL Server (InnoDB). Affected versions are 8.0.33 and earlier. An attacker with network access via multiple protocols can exploit this to cause a hang or frequently repeatable crash (DoS) of MySQL Server. The CVSS base score is 4.4 (Availability impact). A remediat...
CVE-2022-21517
The CVE-2022-21517 entry concerns Oracle MySQL Server (InnoDB) with vulnerable versions 8.0.29 and earlier. The flaw enables a high-privilege attacker who has network access (via multiple protocols) to cause a hang or a frequent, repeatable crash (complete DOS) of MySQL Server. The CVSS v3.1 base...
CVE-2018-2810
CVE-2018-2810 affects Oracle MySQL Server (InnoDB subcomponent). Affected are MySQL 5.7.21 and earlier. Attackers with network access via multiple protocols and high privileges can cause a hang or frequent crashes (DoS) of MySQL Server. CVSSv3 base score 4.9 (A: High, Availability impact). Remedi...
CVE-2023-22038
CVE-2023-22038 affects Oracle MySQL Server (Server: Security: Privileges) with affected versions 8.0.33 and earlier. A high-privileged attacker with network access via multiple protocols could authorize data updates/inserts/deletes. Root cause and impact stated as low to moderate integrity impact...
CVE-2023-22058
CVE-2023-22058 affects Oracle MySQL Server (Server: DDL) for versions 8.0.33 and earlier, allowing a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS). The issue is documented with a CVSS base score of 4.4 (Availability). Remediation: upgrade to MyS...
CVE-2022-21414
CVE-2022-21414 affects Oracle MySQL Server, specifically the Server: Optimizer. Affected versions are 8.0.28 and earlier. An attacker with high privileges and network access via multiple protocols can cause the server to hang or crash (denial of service). The vulnerability is documented as a deni...
CVE-2022-21435
CVE-2022-21435 affects Oracle MySQL Server, component Server: Optimizer, with affected versions 8.0.28 and earlier. The vulnerability allows a high-privilege attacker who can reach the server over the network (via multiple protocols) to cause a denial of service, resulting in the MySQL Server han...
CVE-2022-21528
CVE-2022-21528 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL 8.0.29 and earlier. An attacker with network access via multiple protocols and with HIGH privileges can cause a hang or a frequently repeatable crash (complete DOS) and may perform unauthorized updates/inse...
CVE-2022-21537
CVE-2022-21537 affects Oracle MySQL Server (InnoDB) with affected versions 8.0.29 and earlier. The vulnerability has a high-privilege remote attacker scenario over multiple network protocols, potentially causing a hang or repeated crashes (complete DOS). Some connected advisories note remediation...
CVE-2022-21538
CVE-2022-21538 affects Oracle MySQL Server (component: Server: Security: Encryption). Affected: MySQL 8.0.29 and earlier. Attack: network access with low privileges can cause partial denial of service to MySQL Server. Impact: availability degradation (low). CVSS base score: 3.1 (LOW). Remediation...
CVE-2023-21946
CVE-2023-21946 affects Oracle MySQL Server, specifically the Server: Optimizer. Affected versions are 8.0.32 and earlier. The vulnerability can be exploited by a low-privilege attacker with network access via multiple protocols and can lead to a hang or frequently repeatable crash (complete DoS) ...
CVE-2022-21379
CVE-2022-21379 affects Oracle MySQL Server, specifically the Group Replication Plugin in MySQL 8.0.27 and earlier. The vulnerability allows a network-remote, high-privilege attacker to cause a hang or crash (DoS). Public materials note multiple distro advisories updating to newer MySQL 8.0.x vers...
CVE-2023-22057
CVE-2023-22057 affects Oracle MySQL Server, component Server: Replication, with affected versions 8.0.33 and prior. Multiple connected sources indicate this vulnerability can allow a high-privilege attacker with network access via multiple protocols to cause the MySQL Server to hang or crash (com...
CVE-2018-2818
CVE-2018-2818 affects Oracle MySQL Server components (Server: Privileges) and is triggered by a high-privilege user over network protocols, potentially causing a hang or crash (DoS) on vulnerable MySQL Server versions 5.5.59 and earlier, 5.6.39 and earlier, or 5.7.21 and earlier. The connected ad...
CVE-2022-21527
CVE-2022-21527 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.29 and earlier. Summary: A high-privilege attacker who can reach the server over network protocols can trigger a hang or crash (DO S) and may perform unauthorized update/insert/delete on some data. The vulnerabili...