743 matches found
CVE-2021-2010
CVE-2021-2010 affects the MySQL Client C API in Oracle MySQL. Affected versions are 5.6.50 and earlier, 5.7.32 and earlier, and 8.0.22 and earlier. The vulnerability is exploitable remotely with low privileges and could lead to unauthorized data updates/inserts/deletes and partial DoS on MySQL Cl...
CVE-2022-21427
CVE-2022-21427 affects Oracle MySQL Server (component: Server: FTS). Affected: MySQL 5.7.37 and earlier, 8.0.28 and earlier. An attacker with high privileges and network access via multiple protocols can cause a hang or frequent crash (DoS). The connected advisories indicate fixes in newer MySQL ...
CVE-2018-3156
CVE-2018-3156 affects Oracle MySQL Server (subcomponents: InnoDB; also referenced in multiple advisories) with affected versions: 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. According to the connected advisories for Linux distributions, the vulnerability enables network-access...
CVE-2018-3251
CVE-2018-3251 affects Oracle MySQL Server (InnoDB). Affected: 5.6.41 and earlier, 5.7.23 and earlier, 8.0.12 and earlier. Exploitation via network against multiple protocols can cause a hang or crash (DOS). Several advisories reference fixes in corresponding OS/package updates (e.g., ALAS and Deb...
CVE-2022-21626
CVE-2022-21626 affects Oracle Java SE (components: Security and JNDI) and Oracle GraalVM Enterprise Edition, with affected Java SE versions including 8u341, 8u345-perf, 11.0.16.1 (and related GraalVM versions 20.3.7, 21.3.3, 22.2.0). The vulnerability is exploitable remotely over HTTPS (and other...
CVE-2018-2612
CVE-2018-2612 is reported in the MySQL Server component (subcomponent: InnoDB). Affected releases include MySQL 5.6.38 and earlier and 5.7.20 and earlier. The vulnerability enables a high-privilege attacker who can access the server over the network (via multiple protocols) to compromise data con...
CVE-2022-21628
CVE-2022-21628 affects Oracle Java SE ( Lightweight HTTP Server) and Oracle GraalVM Enterprise Edition; affected Java SE versions include 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19 and GraalVM EE: 20.3.7, 21.3.3, 22.2.0. Description states an unauthenticated attacker with network access via HTTP ...
CVE-2018-3143
CVE-2018-3143 is a vulnerability in the MySQL Server component (subcomponent: InnoDB) affecting Oracle MySQL. Affected versions are 5.6.41 and prior, 5.7.23 and prior, and 8.0.12 and prior. It allows a low-privilege, network-attacker to cause a hang or crash (DoS) via multiple protocols. The issu...
CVE-2019-3822
CVE-2019-3822 affects libcurl 7.36.0 through before 7.64.0. The vulnerability is a stack-based buffer overflow in the NTLM header creation path: Curl_auth_create_ntlm_type3_message() uses unsigned arithmetic to guard a local buffer, but the check is insufficient, allowing the output data to excee...
CVE-2020-2579
CVE-2020-2579 is a MySQL Server vulnerability in the optimizer component. Affected versions are 5.6.46 and earlier, 5.7.28 and earlier, and 8.0.18 and earlier. An attacker with network access over multiple protocols and low privileges can trigger a hang or a complete denial of service (DoS) via t...
CVE-2021-2048
CVE-2021-2048 affects Oracle MySQL Server (InnoDB). Connected documents confirm the vulnerability lies in InnoDB with affected versions 8.0.22 and earlier, enabling a network-accessible attacker with high privileges to cause a hang or crash (DoS) and to perform unauthorized updates/inserts/delete...
CVE-2021-2046
CVE-2021-2046 affects Oracle MySQL Server (Server: Stored Procedure) with affected versions 8.0.22 and prior. Exploitation requires network access from a high-privilege attacker via multiple protocols and may cause a hang or crash (DoS) in MySQL Server, potentially impacting related products. Mit...
CVE-2021-22931
CVE-2021-22931 concerns Node.js DNS hostname handling. Public docs indicate vulnerability due to missing input validation of host names returned by DNS, which can cause domain hijacking and enable injection in applications using the DNS library. Affected software includes Node.js releases prior t...
CVE-2019-2531
CVE-2019-2531 affects the MySQL Server component (subcomponent: Server: Replication) of Oracle MySQL. Affected versions are 5.6.42 and earlier, 5.7.24 and earlier, and 8.0.13 and earlier. The vulnerability allows a high-privileged, network-access attacker to cause a hang or a frequent crash (DOS)...
CVE-2021-2060
CVE-2021-2060 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 5.6.50 and earlier, 5.7.32 and earlier, and 8.0.22 and earlier. The vulnerability can be exploited by a highly privileged attacker with network access via multiple protocols to cause a hang or crash (a...
CVE-2024-21147
The CVE-2024-21147 entry describes a vulnerability in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (Hotspot component) affecting multiple supported versions: Java SE 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; GraalVM for JDK 17.0.11, 21.0.3, 22.0.1; Graa...
CVE-2021-2087
CVE-2021-2087 refers to a vulnerability in Oracle MySQL Server (Server: DML) affecting 8.0.22 and earlier. A high-privilege user with server access could cause a denial-of-service (hang or crash). Connected sources indicate remediation exists via upgrading MySQL (e.g., the CG/Mariner entry for my...
CVE-2018-3173
CVE-2018-3173 affects the MySQL Server component (InnoDB) of Oracle MySQL. Affected: MySQL 5.7.23 and earlier and 8.0.12 and earlier; exploitation via network could cause a hang or crash (DoS) with high privileges over multiple protocols. Connected advisories indicate fixed releases exist (e.g., ...
CVE-2018-3200
CVE-2018-3200 affects Oracle MySQL Server (InnoDB) and is exploitable with network access via multiple protocols by a high-privilege attacker to cause a hang or crash (DOS). Affected versions are 5.7.23 and prior and 8.0.12 and prior; CVSSv3 base score 4.9 (A: HIGH). The F5 advisory notes remedia...
CVE-2021-2389
CVE-2021-2389 affects Oracle MySQL Server (InnoDB) with vulnerable versions 5.7.34 and earlier and 8.0.25 and earlier. An unauthenticated attacker can exploit over network via multiple protocols to cause a hang or a frequent crash (complete DoS) of MySQL Server. Connected documents corroborate th...
CVE-2022-21624
CVE-2022-21624 is an Oracle Java SE/GraalVM EE vulnerability in the JNDI component (also described across connected advisories) that allows unauthenticated network access to potentially update/insert/delete data. Affected products/versions include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17....
CVE-2021-2036
CVE-2021-2036 affects the Oracle MySQL Server, component Server: Optimizer , with affected versions including 8.0.22 and earlier. The vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or complete denial of service of the MySQL Server. The C...
CVE-2020-14621
CVE-2020-14621 details (connected data) : The vulnerability concerns Oracle Java SE/OpenJDK JAXP in Java SE/Embedded. Affected versions include Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251. The issue is described as an easily exploitable flaw in the JAXP component that allows an...
CVE-2021-2307
CVE-2021-2307 affects Oracle MySQL Server (Server: Packaging) with affected versions 5.7.33 and prior and 8.0.23 and prior. The vulnerability allows unauthenticated access within the MySQL Server host after user interaction; CVSSv3.1 base score 6.1 (Confidentiality/Integrity). Affected components...
CVE-2018-3284
CVE-2018-3284 affects Oracle MySQL Server (InnoDB subcomponent) and related MySQL Server components. Affected versions: 5.7.23 and earlier, and 8.0.12 and earlier. The flaw allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS). Connected adviso...
CVE-2018-3185
CVE-2018-3185 is a MySQL Server (InnoDB) vulnerability affecting 5.7.23 and earlier and 8.0.12 and earlier. The connected F5 advisory confirms exploitable remote access via multiple protocols by a high-privilege attacker, potentially causing a hang or crash (DoS) and unauthorized data updates. Th...
CVE-2018-3277
CVE-2018-3277 affects the MySQL Server component (subcomponent: InnoDB). Affected versions are 5.7.23 and prior and 8.0.12 and prior. The vulnerability is exploitable by a high-privilege attacker with network access via multiple protocols, and can lead to a hang or a frequent crash of MySQL Serve...
CVE-2020-14577
CVE-2020-14577 is a TLS/JSSE-related issue in Oracle Java SE and Java SE Embedded (affecting Java 7u261, 8u251, 11.0.7 and 14.0.1; Embedded 8u251) enabling unauthenticated network access to read some data. Connected advisories show vendor-specific mitigations: for example, Amazon Linux ALAS advis...
CVE-2021-2019
CVE-2021-2019 concerns Oracle MySQL Server (Server: Security: Privileges). Affected versions: 8.0.19 and earlier. The vulnerability is exploitable by a highly privileged attacker who has network access via multiple protocols, enabling unauthorized read access to a subset of MySQL Server data. The...
CVE-2021-2024
CVE-2021-2024 affects Oracle MySQL Server (Server: Optimizer). Affects MySQL 8.0.22 and earlier. vulnerability allows a low-privileged, network‑authenticated attacker to cause a hang or repeatable crash (DoS) via multiple protocols, with availability impact described as high. No explicit root cau...
CVE-2018-2952
CVE-2018-2952 affects OpenJDK/OpenJDK-derived Java runtimes (Java SE 7/8 and JRockit) in the Concurrency component. The root cause is insufficient index validation in PatternSyntaxException getMessage(), enabling unauthenticated network-based exploitation that can cause a denial of service via me...
CVE-2021-2012
CVE-2021-2012 affects Oracle MySQL Server (component: Server: Security: Privileges). Affected versions: 8.0.20 and earlier. An attacker with network access via multiple protocols and high privileges can exploit this to cause a hang or crash (high‑impact DoS) on MySQL Server. The document provides...
CVE-2020-2765
CVE-2020-2765 is a vulnerability in Oracle MySQL Server, specifically the Server: Optimizer component. Affected versions are MySQL 5.7.29 and earlier, and 8.0.19 and earlier. The issue can be exploited with network access via multiple protocols by a high-privilege attacker to cause a hang or a co...
CVE-2021-2009
CVE-2021-2009 concerns a vulnerability in Oracle MySQL Server, specifically in the Server: Security: Roles component. Affected versions are 8.0.19 and earlier. The description indicates that a high-privilege attacker who can reach the server over the network (via multiple protocols) could exploit...
CVE-2021-2038
CVE-2021-2038 affects Oracle MySQL Server (Server: Components Services). Affected versions: 8.0.22 and earlier. Root cause: vulnerability in a server component allowing a high-privileged attacker with network access via multiple protocols to cause the MySQL Server to hang or crash (complete DoS)....
CVE-2021-2056
CVE-2021-2056 affects Oracle MySQL Server (component: Server: DML). Affected: MySQL 8.0.22 and earlier. An attacker with network access via multiple protocols and who has high privileges can exploit to cause a hang or crash (complete DoS). CVSS v3.1 base score 4.4 (Availability). No exploit detai...
CVE-2021-2061
CVE-2021-2061 affects Oracle MySQL Server (Server: DDL). Affected: MySQL 8.0.22 and earlier. Attack scenario: a high-privileged attacker with network access via multiple protocols can trigger a hang or repetitive crash (DoS) of MySQL Server. Impact: availability loss (per CVSS v3.1 base 4.4). Roo...
CVE-2020-2654
CVE-2020-2654 affects Oracle Java SE Libraries in Java SE 7u241, 8u231, 11.0.5 and 13.0.1 (Java SE and Java SE Embedded) with the issue described as an unauthenticated network-access vulnerability that can cause a partial denial of service. The root cause is tied to the Libraries component (with ...
CVE-2021-2016
CVE-2021-2016 affects Oracle MySQL Server, specifically the Server: Optimizer. Affects MySQL 8.0.19 and earlier. An attacker with network access via multiple protocols and high privileges can trigger a hang or frequently repeatable crash (complete DoS) of MySQL Server. Root cause: vulnerability i...
CVE-2020-2572
CVE-2020-2572 affects Oracle MySQL Server, specifically the Server: Audit Plugin. Affected versions: MySQL 5.7.28 and earlier, and 8.0.18 and earlier. Root cause: vulnerability in the Audit Plugin that can be exploited remotely by a high-privilege, unauthenticated attacker to potentially update/i...
CVE-2021-2031
CVE-2021-2031 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.22 and earlier. Condition: authenticated, high-privilege attacker with network access via multiple protocols. Impact: can hang or cause a frequently repeating crash (complete DoS) of MySQL Server. Base CVSS 3.1 sco...
CVE-2021-2076
CVE-2021-2076 affects Oracle MySQL Server (component: Server: Optimizer) with affected versions 8.0.22 and earlier. An attacker with network access via multiple protocols and high privileges can cause the server to hang or crash (complete DoS). CVSS 3.1 base score 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:N...
CVE-2021-2081
CVE-2021-2081 affects Oracle MySQL Server (component: Server: Stored Procedure). Affected versions are 8.0.22 and earlier. The description states an easily exploitable vulnerability that allows a highly privileged attacker who can access the server over multiple network protocols to cause a hang ...
CVE-2022-21451
CVE-2022-21451 affects Oracle MySQL Server (InnoDB) for affected versions 5.7.37 and earlier, and 8.0.28 and earlier. The vulnerability can be exploited by a highly privileged attacker with network access via multiple protocols to cause a hang or frequent crashes (denial of service); exploitation...
CVE-2020-14581
CVE-2020-14581 affects Oracle Java SE/Java SE Embedded (component: 2D) with affected versions Java SE: 8u251, 11.0.7, 14.0.1 and Java SE Embedded: 8u251. The CVE is listed with a low overall base score (CVSS 3.1: 3.7) and confidentiality impact (C:L) and no impact on integrity/availability (I:N/A...
CVE-2020-2589
CVE-2020-2589 is a vulnerability in Oracle MySQL Server (InnoDB) affecting 5.7.28 and earlier and 8.0.17 and earlier. The issue can allow a high-privilege attacker with network access via multiple protocols to cause a hang or repeated crashes (complete DOS) of MySQL Server, with an availability i...
CVE-2020-2679
CVE-2020-2679 affects Oracle MySQL Server (Server: Optimizer). Affected versions are 8.0.18 and earlier. The vulnerability can be exploited via network to cause a hang or frequent crash (DoS) of MySQL Server, with attack potential described as high-privilege, remote. The attached connected adviso...
CVE-2021-2070
CVE-2021-2070 affects Oracle MySQL Server (Server: Optimizer). An attacker with network access via multiple protocols and high privileges could cause a hang or crash (DoS) in MySQL Server; affected versions include 8.0.22 and earlier. Public details in the connected documents confirm the vulnerab...
CVE-2018-3162
CVE-2018-3162 is a vulnerability in the MySQL Server component (subcomponent: InnoDB) affecting versions 5.7.23 and earlier and 8.0.12 and earlier. The CVE description states an attacker with network access can cause a hang or frequent crash (DoS). The connected F5 advisory notes remediation by u...
CVE-2021-2072
CVE-2021-2072 affects Oracle MySQL Server (Server: Stored Procedure). In the provided sources, affected versions are 8.0.22 and earlier. The vulnerability allows a high-privilege attacker who can reach the server over multiple network protocols to cause the MySQL Server to hang or crash (denial o...