743 matches found
CVE-2021-3517
CVE-2021-3517 is a libxml2 vulnerability affecting versions before 2.9.11. A flaw in the xml entity encoding functionality could allow processing of a crafted XML file to trigger an out‑of‑bounds read, with availability impact and potential confidentiality/integrity impact if memory information i...
CVE-2021-2144
CVE-2021-2144 affects Oracle MySQL Server (component: Server: Parser). Affected versions are 5.7.29 and earlier and 8.0.19 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to compromise the MySQL Server, potentially leading to takeover of ...
CVE-2016-9841
CVE-2016-9841 is a vulnerability in zlib 1.2.8 related to improper pointer arithmetic in inffast.c that could have context-dependent impact. Connected advisories confirm public details and show remediation by upgrading zlib to a newer version (e.g., 1.2.11) across affected products and distributi...
CVE-2022-21605
CVE-2022-21605 concerns the Oracle MySQL Server, specifically the Server: Data Dictionary component. Affected are MySQL Server versions 8.0.28 and earlier . The vulnerability enables a high-privilege attacker with network access (via multiple protocols) to cause the server to hang or crash, resul...
CVE-2019-14540
CVE-2019-14540 affects jackson-databind up to version 2.9.10 with serialization gadget risk involving the HikariCP classes (com.zaxxer.hikari.HikariConfig). The authoritative initial doc notes a polymorphic typing issue in jackson-databind related to HikariConfig. Connected-material references (A...
CVE-2020-2780
CVE-2020-2780 affects Oracle MySQL Server (Server: DML) with vulnerable ranges: 5.6.47 and earlier, 5.7.29 and earlier, and 8.0.19 and earlier. The issue allows a low-privileged, network-access attacker to cause a hang or crash (DOS) via multiple protocols. The connected advisories (e.g., ALAS/ C...
CVE-2017-5645
CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...
CVE-2020-14765
An advisory indicates CVE-2020-14765 affects Oracle MySQL Server (Server: FTS) with affected versions 5.6.49 and prior, 5.7.31 and prior, and 8.0.21 and prior. The cited materials describe a vulnerability that can cause the MySQL Server to hang or crash (DoS) via network access, but the root caus...
CVE-2020-14812
CVE-2020-14812 affects Oracle MySQL Server (component: Server: Locking) with affected versions 5.6.49 and prior, 5.7.31 and prior, and 8.0.21 and prior. Exploitation can lead to a hang or frequent crashes (DoS) with network access. Remediation status varies by distribution; Debian LTS notes a fix...
CVE-2019-2455
CVE-2019-2455 affects the MySQL Server component (subcomponent: Server: Parser) with affected versions 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The vulnerability allows a low-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS). Public advi...
CVE-2024-21096
Technical details about CVE-2024-21096 are not publicly provided in the supplied documents. Monitoring for updates is advised; the current sources do not specify affected products, versions, exploitability, or remediation within the given materials.
CVE-2022-42004
The CVE affects FasterXML jackson-databind prior to 2.13.4, where resource exhaustion can occur due to a missing check in BeanDeserializer._deserializeFromArray that prevents deeply nested arrays. An application is vulnerable only with certain customized deserialization paths. Concrete details ac...
CVE-2021-2166
CVE-2021-2166 affects the MySQL/MariaDB Server: DML component. Public sources in connected documents confirm affected products and versions: MySQL/MariaDB server vulnerable when running on Oracle MySQL 5.7.33 and earlier and 8.0.23 and earlier (per AstraLinux/ALMA advisories and related entries)....
CVE-2021-3450
CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...
CVE-2020-2814
CVE-2020-2814 affects Oracle MySQL Server (InnoDB) with affected versions 5.6.47 and prior, 5.7.28 and prior, and 8.0.18 and prior. Bulletins in connected advisories describe an easily exploitable, network-accessible vulnerability enabling a high-privilege attacker to cause a hang or frequent cra...
CVE-2018-3282
CVE-2018-3282 affects the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Affected versions include 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier, with an attack surface that enables a network-accessing, high-privileged attacker...
CVE-2020-14550
CVE-2020-14550 affects the MySQL Client (C API) in Oracle MySQL. Affected are 5.6.48 and earlier, 5.7.30 and earlier, and 8.0.20 and earlier. The vulnerability allows a low-privilege, network-accessible attacker via multiple protocols to cause a hang or a frequent, crashable DoS of the MySQL Clie...
CVE-2018-3174
CVE-2018-3174 affects Oracle MySQL Server (notably the Client programs) with affected versions 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior, and 8.0.12 and prior. Root cause per the sources is a vulnerability in MySQL Server that can, under certain conditions, lead to a hang or a complete...
CVE-2019-2510
CVE-2019-2510 affects the MySQL Server component (InnoDB) of Oracle MySQL; affected versions are 5.7.24 and earlier and 8.0.13 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause the MySQL Server to hang or crash (DOS). Public docume...
CVE-2018-3064
CVE-2018-3064 affects the MySQL Server component (InnoDB). The initial description lists affected versions as 5.6.40 and earlier, 5.7.22 and earlier, and 8.0.11 and earlier, with a network-accessible, low-privilege exploit that can cause a hang/crash (DoS) and unauthorized read/write of data. Con...
CVE-2020-14789
CVE-2020-14789 affects Oracle MySQL Server (component: Server: FTS). Vulnerability details in connected advisories show it impacts MySQL 5.7.31 and prior and 8.0.21 and prior, with an attacker having network access via multiple protocols and high privileges able to cause a hang or crash (DoS) of ...
CVE-2021-2194
CVE-2021-2194 affects Oracle MySQL Server (InnoDB) with vulnerable versions 5.7.33 and earlier and 8.0.23 and earlier. The issue allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS) of MySQL Server. No exploitation details are provided in the ...
CVE-2022-24823
CVE-2022-24823 affects Netty’s io.netty:netty-codec-http prior to 4.1.77.Final, describing an insufficient fix for CVE-2021-21290. When Netty’s multipart decoders handle uploads and temporary disk storage is enabled, local information can be disclosed via the system temporary directory. This affe...
CVE-2019-11068
CVE-2019-11068 affects libxslt up to 1.1.33. The vulnerability arises because xsltCheckRead/xsltCheckWrite can permit access even after a -1 error, enabling protection bypass. According to the linked advisories, this vulnerability has a CVSSv3 base score of 9.8 (NETWORK, LOW attack complexity, NO...
CVE-2021-2021
CVE-2021-2021 affects Oracle MySQL Server (MySQL: Server: Optimizer) with affected versions 8.0.22 and earlier. It is described as an easily exploitable vulnerability allowing a high-privilege attacker with network access via multiple protocols to cause a hang or complete DoS on MySQL Server. The...
CVE-2020-8840
CVE-2020-8840 affects FasterXML jackson-databind 2.0.0–2.9.10.2, where missing blocking of xbean-reflect/JNDI chains (notably org.apache.xbean.propertyeditor.JndiConverter) enables JNDI injection leading to remote code execution. Affected component is jackson-databind’s deserialization path; impa...
CVE-2021-2032
CVE-2021-2032 affects Oracle MySQL Server (component: Information Schema). Affected versions: 5.7.32 and prior, 8.0.22 and prior. A low-privilege, network-accessible attacker via multiple protocols can read a subset of MySQL data. CVSS v3.1 base score 4.3 (C:L/I:N/A:N). No exploitation details or...
CVE-2022-36033
CVE-2022-36033 affects jsoup, a Java HTML parser. The issue arises when SafeList.preserveRelativeLinks is enabled, allowing crafted javascript: URLs to bypass sanitization and potentially enable XSS if the page lacks a Content Security Policy. The vulnerability is mitigated by updating to jsoup 1...
CVE-2024-21011
CVE-2024-21011 affects Oracle Java SE platforms (Hotspot) and Oracle GraalVM for JDK/Enterprise Edition. Affected versions include Java SE: 8u401, 11.0.22, 17.0.10, 21.0.2, 22; GraalVM for JDK: 17.0.10, 21.0.2, 22; GraalVM EE: 20.3.13, 21.3.9. The vulnerability is exploitable over a network by un...
CVE-2021-21409
The CVE concerns Netty’s HTTP/2 codec (io.netty:netty-codec-http2) where, before version 4.1.61.Final, a Content-Length check can be bypassed when a single Http2HeaderFrame with endStream set to true is used. This enables HTTP request smuggling if the request is proxied and translated to HTTP/1.1...
CVE-2020-10683
CVE-2020-10683 is described in IBM Bulletin sources as an XXE vulnerability in the dom4j library, allowing a remote authenticated attacker to obtain sensitive information through XML processing. The issue stems from dom4j handling External DTDs/Entities by default, and multiple IBM entries map th...
CVE-2020-14556
CVE-2020-14556 and related CVEs (e.g., 14577, 14578, 14579, 14581, 14583, 14593, 14621, 14664) pertain to Oracle Java SE/OpenJDK/OpenJDK-derived runtimes across multiple components (Libraries, JSSE, 2D, JAXP, JavaFX, etc.). The primary 2020 issue affects Java SE and Java SE Embedded on various ve...
CVE-2018-3060
CVE-2018-3060 affects Oracle MySQL Server (InnoDB) with affected versions 5.5/5.6 per IBM/Guardium disclosures. The vulnerability is described as an unspecified issue in InnoDB that could allow an authenticated attacker to achieve no confidentiality impact, but high integrity and high availabilit...
CVE-2021-2180
CVE-2021-2180 affects Oracle MySQL Server (InnoDB) with vulnerable versions 5.7.33 and earlier and 8.0.23 and earlier. A high-privilege attacker who can reach MySQL Server over the network via multiple protocols can cause the server to hang or crash (complete DOS). Connected documents confirm the...
CVE-2022-43680
In CVE-2022-43680, libexpat up to version 2.4.9 contains a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate during out-of-memory situations. The impact is rated High (Availability impact) with a CVSSv3.1 base score of 7.5 (Network attack vector, no ...
CVE-2022-23852
Expat (libexpat) contains a signed integer overflow in XML_GetBuffer when XML_CONTEXT_BYTES is nonzero (CVE-2022-23852). IV was observed in multiple advisories and bulletins; the issue can lead to arbitrary code execution or crash if exploited. A fix exists in expat 2.4.4 and later; affected dist...
CVE-2018-3133
CVE-2018-3133 concerns Oracle MySQL Server (subcomponent: Server: Parser). Affected are MySQL Server versions 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. An attacker with network access via multiple protocols and low privileges can trigger a hang or frequen...
CVE-2021-21295
Netty CVE-2021-21295 affects io.netty:netty-codec-http2 prior to 4.1.60.Final, where Content-Length validation can be bypassed when HTTP/2 is downgraded to HTTP/1.1 in proxied scenarios, enabling HTTP request smuggling. The issue occurs when HTTP2MultiplexCodec/Http2FrameCodec are used and Http2S...
CVE-2019-2534
CVE-2019-2534 affects Oracle MySQL Server (subcomponent: Server: Replication). Affected versions are 5.6.42 and earlier, 5.7.24 and earlier, and 8.0.13 and earlier. The vulnerability is exploitable by a low-privileged attacker with network access via multiple protocols, potentially leading to una...
CVE-2019-2481
CVE-2019-2481 affects Oracle MySQL Server (Server: Optimizer). Affected versions are 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The vulnerability can be exploited by a high-privileged attacker over the network to cause a hang or a frequently repeating crash (complete DoS) of MySQL ...
CVE-2018-1000632
CVE-2018-1000632 affects dom4j prior to 2.1.1 with an XML Injection (CWE-91) in Element methods addElement/addAttribute. An attacker could tamper XML content via crafted attributes/elements. The issue is fixed in 2.1.1+, and IBM/IOC advisories indicate upgrading dom4j (e.g., to 2.1.4 in IOC) to a...
CVE-2018-10933
CVE-2018-10933 affects libssh, specifically the server-side state machine, where versions prior to 0.7.6 and 0.8.4 allow an unauthenticated attacker to create channels and gain unauthorized access. The underlying issue is an authentication bypass in the server code, reported by multiple vendors a...
CVE-2021-2088
CVE-2021-2088 affects Oracle MySQL Server (Server: DML). Affected versions: 8.0.22 and earlier. An attacker with local logon and high privileges can cause the MySQL server to hang or crash (complete DoS). Remediation details in provided sources indicate upgrading MySQL to a later version (e.g., 8...
CVE-2024-21131
CVE-2024-21131 affects Oracle Java SE (Hotspot) and Oracle GraalVM for JDK/Enterprise Edition. Affected versions include Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; GraalVM Enterprise: 20.3.14, 21.3.10. An unauthenticated network attacke...
CVE-2020-12723
CVE-2020-12723 : In Perl, regcomp.c allows a buffer overflow in the regex compiler due to crafted regular expressions, caused by recursive S_study_chunk calls. The issue affects Perl before 5.30.3, notably on 32‑bit platforms. Reports in Connected documents indicate fixes have been released (e.g....
CVE-2018-3081
CVE-2018-3081 affects the MySQL Client component of Oracle MySQL. Affected versions: 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior, and 8.0.11 and prior. Attackers with network access via multiple protocols can exploit it to cause a hang or a crash (DoS) and may update/insert/delete data i...
CVE-2019-2975
CVE-2019-2975 affects Oracle Java SE/Scripting (and Java SE Embedded) with known affected builds: Java SE 8u221, 11.0.4, and 13; Java SE Embedded 8u221. The vulnerability concerns loading/executing untrusted code in environments like sandboxed Web Start/Applet contexts and can allow an unauthenti...
CVE-2021-2001
CVE-2021-2001 affects Oracle MySQL Server (Server: Optimizer). Affected are MySQL versions 5.6.50 and earlier, 5.7.30 and earlier, and 8.0.17 and earlier. An attacker with network access via multiple protocols and high privileges can trigger a denial of service (hang or crash) of MySQL Server. Co...
CVE-2019-2422
CVE-2019-2422 affects Oracle Java SE Libraries in Java SE 7u201, 8u192, 11.0.1 (and Java SE Embedded 8u191). The issue is a memory disclosure in FileChannelImpl that could allow an unauthenticated, network-reachable attacker to read a subset of data, with user interaction required in some context...
CVE-2019-2949
CVE-2019-2949 affects Oracle/OpenJDK Java SE Kerberos components. Affected Java SE: 7u231, 8u221, 11.0.4, 13; Java SE Embedded: 8u221. Exploitation requires network access via Kerberos and unauthenticated access could lead to leakage of sensitive data or elevated access. Connected documents show ...