743 matches found
CVE-2020-2896
CVE-2020-2896 affects the MySQL Server (Oracle MySQL), specifically the Server: Information Schema component. Affected are 8.0.19 and earlier. The vulnerability allows a high-privilege attacker who has network access via multiple protocols to cause the MySQL Server to hang or crash (complete deni...
CVE-2020-2924
CVE-2020-2924 affects Oracle MySQL Server (component: Server: Optimizer) with vulnerable versions 8.0.19 and earlier. The issue can be exploited by a highly privileged attacker over the network via multiple protocols to cause a hang or crash of MySQL Server (complete DoS). The provided documents ...
CVE-2021-2215
CVE-2021-2215 affects Oracle MySQL Server (Server: Stored Procedure) with affected versions 8.0.23 and earlier. The vulnerability can be exploited by a high-privileged attacker with network access via multiple protocols to cause a hang or a repeatable crash (DoS) of MySQL Server. The CVSS 3.1 bas...
CVE-2021-35556
CVE-2021-35556 is a vulnerability in the Swing component of Java SE (and related GraalVM Enterprise Edition versions) affecting Java SE 7u311, 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0. An unauthenticated attacker with network access via multiple protocols can potentially exploit this to ca...
CVE-2019-3018
CVE-2019-3018 affects Oracle MySQL Server (InnoDB) with affected versions 8.0.17 and earlier. The vulnerability allows a high-privilege attacker who can reach the server over multiple protocols to cause a hang or a frequently repeatable crash (complete DOS) of MySQL Server. Root cause is tied to ...
CVE-2020-14553
CVE-2020-14553 affects Oracle MySQL Server (Server: Pluggable Auth) with versions 5.7.30 and prior and 8.0.20 and prior. The vulnerability allows a low-privilege, network-accessible attacker to perform unauthorized updates to MySQL data (I:LOW, A:N) via multiple protocols. Public sources confirm ...
CVE-2020-14785
CVE-2020-14785 affects Oracle MySQL Server (Server: Optimizer) with vulnerable versions up to 8.0.21 and earlier. The issue allows a high-privilege attacker who can reach the server over multiple network protocols to cause the MySQL Server to hang or crash, producing a denial of service. Practica...
CVE-2021-2006
CVE-2021-2006 affects Oracle MySQL Client (C API). Affected: MySQL Client, version 8.0.19 and prior. Condition: low-privilege attacker with network access via multiple protocols. Impact: can cause a hang or crash of the MySQL Client (complete DoS) as described in the CVE. Exploitation details are...
CVE-2021-2178
CVE-2021-2178 affects Oracle MySQL Server (Server: Replication). Affected versions: MySQL 5.7.32 and earlier, and 8.0.22 and earlier. The vulnerability is exploitable by a low-privileged attacker with network access via multiple protocols, potentially causing a hang or a frequently repeatable cra...
CVE-2022-21305
CVE-2022-21305 is present across multiple Oracle Java SE and GraalVM Enterprise Edition components (Hotspot, Serialization, JAXP, ImageIO, Libraries, 2D/3D) affecting Java versions 7u321, 8u311, 11.0.13, 17.0.1 (and GraalVM EE 20.3.4/21.3.0). Public advisories describe unauthenticated network-bas...
CVE-2024-21094
CVE-2024-21094 affects Oracle Java SE Hotspot and Oracle GraalVM variants, with affected versions including Java SE 8u401/11.0.22/17.0.10/21.0.2/22 and GraalVM JDK 17.0.10/21.0.2/22, and GraalVM Enterprise 20.3.13/21.3.9. The vulnerability can be exploited remotely via multiple protocols to allow...
CVE-2020-14547
CVE-2020-14547 affects Oracle MySQL Server, component Server: Optimizer. Affected versions include MySQL 5.7.30 and earlier and 8.0.20 and earlier. The vulnerability permits network-accessed exploitation by a high-privileged attacker to cause a hang or frequent, repeatable crashes (DOS) of MySQL ...
CVE-2021-2170
CVE-2021-2170 affects Oracle MySQL Server (component: Server: Optimizer) with affected versions 8.0.23 and earlier. The vulnerability can allow a high-privileged attacker with network access to cause a hang or a frequently repeatable crash (complete DoS) of MySQL Server. Public references in conn...
CVE-2021-2304
CVE-2021-2304 affects Oracle MySQL Server (Server: Stored Procedure) in MySQL 8.0.23 and earlier. The underlying issue enables a high-privilege attacker, over network via multiple protocols, to cause a hang or crash (DoS) and to perform unauthorized updates/deletes on accessible data. Patches exi...
CVE-2021-29489
Highcharts JS (charting library) versions 8 and earlier are vulnerable to cross-site scripting due to inadequate filtering of the chart options structure for XSS vectors. The vulnerability can allow execution of untrusted script in the end user’s browser if the configuration contains malicious in...
CVE-2019-2530
CVE-2019-2530 is a vulnerability in Oracle MySQL Server (Server: Optimizer). Affected are MySQL 8.0.13 and earlier. It allows a high-privileged attacker with network access to cause a hang or a frequent crash (DoS); CVSS 3.1 base score 4.9. Remediation in advisories (e.g., RHSA-2019:2511) is to u...
CVE-2020-14828
CVE-2020-14828 affects Oracle MySQL Server (Server: DML) and is detailed in related documents as affecting MySQL 8.0.21 and earlier. The vulnerability is described as easily exploitable, allowing a high-privilege attacker with network access via multiple protocols to take over the MySQL Server, w...
CVE-2020-2627
CVE-2020-2627 affects MySQL Server (Oracle MySQL), specifically the Parser component in MySQL 8.0.18 and earlier. The vulnerability is described as easily exploitable with network access via multiple protocols, potentially causing the MySQL Server to hang or crash (complete DOS) via the Parser. C...
CVE-2020-2903
CVE-2020-2903 affects Oracle MySQL Server (Server: Connection Handling). Affected: MySQL 8.0.19 and earlier. Exploitation requires network access and a high-privilege attacker can cause a hang or crash (DoS) via multiple protocols. CVSS v3 base 4.9 (A: High). Remediation: upgrade to a fixed relea...
CVE-2021-2298
CVE-2021-2298 affects Oracle MySQL Server, component Server: Optimizer, with affected versions 8.0.23 and earlier. It is a network-exploitable issue where a low-privileged attacker can cause a hang or frequent crash (DoS). Evidence across sources confirms the vulnerability details and the potenti...
CVE-2019-3011
CVE-2019-3011 affects Oracle MySQL Server (Server: C API). Affected versions are 8.0.17 and prior; attacker with network access via multiple protocols can cause MySQL Server to hang or crash (DoS). Multiple connected advisories reference this CVE within the MySQL 8.0 stack (InnoDB/C API/Parser/et...
CVE-2020-2601
CVE-2020-2601 affects Oracle Java SE and Java SE Embedded Security components. Affected Java SE: 7u241, 8u231, 11.0.5, 13.0.1; Java SE Embedded: 8u231. Root cause is a Kerberos-related issue that can be exploited by an unauthenticated attacker with network access, potentially allowing access to s...
CVE-2021-2179
CVE-2021-2179 affects Oracle MySQL Server (component: Server: Group Replication Plugin). Affected versions include MySQL 5.7.33 and earlier and 8.0.23 and earlier. The vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or frequent crash (DoS...
CVE-2021-2301
CVE-2021-2301 affects Oracle MySQL Server (component: Server: Information Schema). Public records show affected versions up to 8.0.23. The vulnerability allows a high-privilege attacker with network access via multiple protocols to obtain unauthorized read access from the Information Schema data....
CVE-2022-21299
CVE-2022-21299 is reported across multiple feeds as affecting Oracle Java SE and GraalVM Enterprise Edition, involving several components (JAXP, Serialization, Libraries, ImageIO, Hotspot, 2D). Affected Java SE versions include 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE versions 20.3.4 and 21.3.0....
CVE-2022-21824
CVE-2022-21824 is a prototype pollution vulnerability in Node.js linked to console.table properties. It affects Node.js prior to patched releases and can be triggered when user-controlled data is passed as the first parameter with a plain object containing an own property such as proto . Public a...
CVE-2019-17267
Summary (CVE-2019-17267): A polymorphic typing deserialization issue in FasterXML Jackson Databind (versions prior to 2.9.10) related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. IBM/X-Force details show a base score of 7.3 (CVSSv3) with high impact on confidentiality, integrit...
CVE-2019-2533
CVE-2019-2533 affects Oracle MySQL Server (Server: Privileges) with affected versions up to 8.0.13. The vulnerability allows a low-privileged, networked attacker to compromise MySQL Server, potentially leading to unauthorized creation, deletion or modification of data or access to all data on the...
CVE-2019-2967
CVE-2019-2967 is a vulnerability in Oracle MySQL Server (Server: Optimizer) affecting 8.0.17 and older. An attacker with low privileges and network access via multiple protocols can exploit it to cause a hang or crash (DoS). The exploit details and CVSS context are reflected across multiple advis...
CVE-2019-2991
CVE-2019-2991: A vulnerability in Oracle MySQL Server (Server: Optimizer) affects MySQL 8.0.x
CVE-2020-2762
CVE-2020-2762 affects Oracle MySQL Server (InnoDB) with vulnerable versions 8.0.19 and earlier. The root cause is within the InnoDB component, enabling a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS) on the MySQL Server. Impact is Availability (...
CVE-2021-2164
CVE-2021-2164 affects Oracle MySQL Server (Server: Optimizer) with affected versions up to 8.0.23. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or a repeatable crash (DoS). Connected advisories indicate a fix is available in later M...
CVE-2021-2305
CVE-2021-2305 affects Oracle MySQL Server (component: Server: DML) and impacts users running MySQL Server 8.0.23 and earlier. The vulnerability arises in the Server: DML area and can be exploited by a high-privilege attacker with network access via multiple protocols, potentially allowing the att...
CVE-2021-2308
CVE-2021-2308 affects Oracle MySQL Server, component Server: Information Schema. Affected: MySQL 8.0.23 and earlier. Vulnerability allows a high-privilege attacker with network access via multiple protocols to read a subset of MySQL Server data. CVSSv3.1 base score 2.7 (LOW); vector: AV:N/AC:L/PR...
CVE-2020-14633
CVE-2020-14633 affects Oracle MySQL Server (InnoDB) with affected versions 8.0.20 and earlier. The vulnerability enables a high-privileged attacker with network access via multiple protocols to perform unauthorized update/insert/delete on MySQL Server data. The connected advisories corroborate mu...
CVE-2020-14643
CVE-2020-14643 affects Oracle MySQL’s MySQL Server (component: Server: Security: Roles). The vulnerability targets MySQL Server versions 8.0.20 and earlier. An attacker with network access through multiple protocols and high privileges can exploit this issue to cause a hang or a frequently repeat...
CVE-2020-14848
CVE-2020-14848 affects MySQL Server (Oracle MySQL), specifically the InnoDB component. Affected products/versions: MySQL 8.0.21 and earlier. Description from connected docs: an authenticated attacker with network access via multiple protocols can exploit this to trigger a hang or a frequently rep...
CVE-2020-2660
CVE-2020-2660 affects Oracle MySQL's MySQL Server (component: Server: Optimizer). The cited description indicates an easily exploitable, network-accessible vulnerability allowing a high-privilege attacker to cause a hang or a frequent crash (complete DOS) of MySQL Server. Affected versions are 5....
CVE-2020-2805
CVE-2020-2805 is an OpenJDK/OpenJDK Libraries issue. The connected Chainguard entry states the flaw resides in the readObject() method of the MethodType class within the Libraries component of OpenJDK, which can allow an untrusted Java applet or application to bypass Java sandbox restrictions. Th...
CVE-2020-2895
CVE-2020-2895 affects Oracle MySQL Server, InnoDB component. Affected: MySQL 8.0.19 and earlier. Vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or crash (DoS) of MySQL Server. CVSS 3.0 base score 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)...
CVE-2021-2196
CVE-2021-2196 affects Oracle MySQL Server (component: Server: DML). Affected versions: 8.0.23 and earlier. An attacker with network access via multiple protocols and high privileges can cause a hang or frequent crash (DoS). No exploitation details are provided in the documents. Remediation status...
CVE-2021-2278
CVE-2021-2278 affects Oracle MySQL Server, component Server: Optimizer. Affected: MySQL 8.0.23 and prior. An attacker with high privileges and network access via multiple protocols can trigger a hang or crash of MySQL Server (complete DoS). Documents corroborate impact as a denial of service with...
CVE-2022-21248
CVE-2022-21248 affects Oracle Java SE and GraalVM Enterprise Edition via the Serialization component. Affected Oracle Java SE versions: 7u321, 8u311, 11.0.13, 17.0.1; GraalVM Enterprise Edition: 20.3.4 and 21.3.0. The vulnerability is exploitable over the network and allows an unauthenticated att...
CVE-2019-3009
CVE-2019-3009 affects Oracle MySQL Server (Server: Connection). Affected versions are 8.0.17 and earlier. The root cause, as described in the public entry and corroborated by linked advisories, is a condition that enables a high-privilege attacker who can access the server over multiple protocols...
CVE-2020-14829
CVE-2020-14829 affects Oracle MySQL Server (InnoDB) with vulnerable versions 8.0.21 and earlier. The flaw allows a high-privilege attacker with network access via multiple protocols to cause a hang or frequent crash (complete DoS) of MySQL Server. CVSS v3.1 base score is 4.9 (Availability impact)...
CVE-2020-2761
CVE-2020-2761 affects Oracle MySQL Server (Server: Security: Privileges) in MySQL 8.0.18 and earlier. An authenticated, high-privilege attacker with network access via multiple protocols can cause a hang or crash (DoS). Remediation is to upgrade MySQL to a version where the fix is included (per A...
CVE-2020-2774
CVE-2020-2774 affects Oracle MySQL Server 8.0.18 and earlier, involving the Server: Security: Privileges area. A high-privilege attacker with network access via multiple protocols can cause a hang or frequent crash (DoS) of MySQL Server. The available connected documents confirm the vulnerability...
CVE-2019-2960
CVE-2019-2960 refers to a vulnerability in Oracle MySQL Server (Server: Replication). Affected versions are MySQL 5.7.27 and prior and 8.0.17 and prior. The issue is exploitable with network access via multiple protocols by a high-privilege attacker and can lead to a hang or frequently repeatable...
CVE-2020-14804
CVE-2020-14804 affects Oracle MySQL Server (component: Server: FTS). Affected versions: 8.0.21 and earlier. An attacker with high privileges, over the network via multiple protocols, can cause a hang or crash (DoS) in MySQL Server. Remediation in connected docs shows upgrading to MySQL 8.0.26 (an...
CVE-2021-36222
CVE-2021-36222 affects MIT Kerberos 5 (krb5) KDC: the ec_verify path in kdc/kdc_preauth_ec.c can trigger a NULL pointer dereference and daemon crash. The issue occurs in KDC processing for PA-ENCRYPTED-CHALLENGE data when not correctly handling a return value in certain situations, leading to a d...