743 matches found
CVE-2022-39410
CVE-2022-39410 affects Oracle MySQL Server (Server: Optimizer). The vulnerability is exploitable remotely over network protocols and can lead to a hang or frequent crash (DoS) of MySQL Server, affecting versions 8.0.30 and earlier. The issue is confirmed across multiple data sources describing a ...
CVE-2021-43797
CVE-2021-43797 : Netty prior to 4.1.71.Final fails to validate control chars at the start/end of header names, allowing HTTP request smuggling via crafted transfer-encoding/headers. This can enable the proxy to sanitize header names and forward malformed requests to remote systems that may not re...
CVE-2022-21253
CVE-2022-21253 affects Oracle MySQL Server (Server: Optimizer) with the 8.0.27 and earlier versions. The vulnerability allows a high-privilege attacker who can reach the server over network protocols to cause a hang or frequent, repeatable crash (complete DoS). The connected advisories indicate r...
CVE-2018-3056
CVE-2018-3056 affects Oracle MySQL Server: Security: Privileges. Affected versions are MySQL 5.7.22 and earlier and 8.0.11 and earlier. An attacker with network access via multiple protocols can cause unauthorized read access to a subset of MySQL data. Remediation identified in connected advisori...
CVE-2019-2981
CVE-2019-2981 affects Oracle Java SE/Java SE Embedded (component: JAXP) with affected releases including Java SE 7u231, 8u221, 11.0.4 and 13; Java SE Embedded 8u221. The issue allows an unauthenticated network attacker to cause a partial denial of service in Java SE/Embedded, via the JAXP path (p...
CVE-2021-2203
CVE-2021-2203 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL 8.0.23 and earlier. Description indicates an easily exploitable vulnerability that, with network access via multiple protocols, could allow a high-privilege attacker to cause a hang or frequent crashes of My...
CVE-2022-21254
CVE-2022-21254 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL 8.0.27 and earlier. Description in the CVE notes that a low-privilege attacker with network access via multiple protocols can cause a hang or lengthy crash of MySQL Server (DoS). Connected documents corrobo...
CVE-2022-21594
CVE-2022-21594 — MySQL Server (Optimizer) Denial of Service . Affects MySQL 8.0.x up to 8.0.30 (including 8.0.30 and prior). The vulnerability resides in the Server: Optimizer component and can be exploited remotely over multiple protocols by a high-privilege attacker to cause the MySQL Server to...
CVE-2018-3144
CVE-2018-3144 affects Oracle MySQL Server: Security: Audit. Affected are MySQL Server versions 5.7.23 and earlier and 8.0.12 and earlier. The vulnerability can be exploited remotely with network access via multiple protocols by an unauthenticated attacker to cause a hang or crash (complete DOS). ...
CVE-2018-3187
CVE-2018-3187 affects Oracle MySQL Server (subcomponent: Server: Optimizer). Affected versions: 5.7.23 and earlier; 8.0.12 and earlier. An attacker with network access via multiple protocols and high privileges can cause a hang or frequently reproducible crash (DoS) and may also gain unauthorized...
CVE-2018-3283
CVE-2018-3283 is mapped to Oracle MySQL Server: Logging vulnerability. Connected Red Hat entry RHSA-2018:3655 confirms affected components and notes that affected MySQL server components require a security update; remediation is provided via updated MySQL packages (e.g., for the RHSA advisory, up...
CVE-2022-21293
CVE-2022-21293 affects Oracle Java SE (Libraries) and Oracle GraalVM Enterprise Edition as listed: Java SE 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE 20.3.4 and 21.3.0. The issue allows unauthenticated network-based exploitation via multiple protocols, potentially enabling a partial denial of serv...
CVE-2022-21367
CVE-2022-21367 affects Oracle MySQL Server (Server: Compiling) with vulnerable versions 5.7.36 and earlier, and 8.0.27 and earlier. The vulnerability can allow a high-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS) and may enable unauthorized update/in...
CVE-2018-3054
CVE-2018-3054 affects Oracle MySQL Server (subcomponent: Server: DDL). Affected are MySQL 5.7.22 and earlier and 8.0.11 and earlier. Exploitation can cause a high-privilege attacker to trigger a denial of service (hang/crash) in MySQL Server (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Remediation is t...
CVE-2019-2950
CVE-2019-2950 affects Oracle MySQL's MySQL Server (Server: Optimizer). Affected version: 8.0.16 and prior. The issue is a vulnerability in the Optimizer that, if exploited by a high-privilege attacker with network access via multiple protocols, can cause the MySQL Server to hang or crash (complet...
CVE-2020-14827
Summary of CVE-2020-14827 : A vulnerability in Oracle MySQL Server (Server: Security: LDAP Auth) affects MySQL 5.7.x up to 5.7.31 and MySQL 8.0.x up to 8.0.21. An attacker with low privileges who can reach the server over multiple network protocols can exploit this to gain unauthorized access to ...
CVE-2020-2593
CVE-2020-2593 affects multiple OpenJDK/JRE components across the Java SE/Embedded stack (Networking, Security, Serialization, 2D, JAXP, Libraries, etc.). Connected advisories enumerate affected versions including Java SE 7u231/7u241, 8u221/8u231, 11.0.4/11.0.5, and 13.0.1, with OpenJDK builds for...
CVE-2022-21256
CVE-2022-21256 affects Oracle MySQL Server, specifically the Group Replication Plugin. Affected: MySQL Server versions 8.0.27 and earlier. Exploitation requires high privileges over the network via multiple protocols and can cause the server to hang or crash (complete DoS). Remediation: upgrade t...
CVE-2022-21270
CVE-2022-21270 pertains to MySQL Server (Oracle MySQL), specifically the Federated server component. Affected are MySQL Server versions 5.7.36 and earlier, and 8.0.27 and earlier. The vulnerability enables a high-privilege attacker who can access the server over multiple network protocols to caus...
CVE-2024-21102
CVE-2024-21102 affects Oracle MySQL Server (component: Server: Thread Pooling). Affected versions are 8.0.36 and earlier, and 8.3.0 and earlier. The description states an easily exploitable vulnerability that, with network access via multiple protocols and a high-privilege attacker, can lead to a...
CVE-2018-3065
CVE-2018-3065 affects Oracle MySQL Server (Server: DML) prior to 5.7.23/8.0.x with 5.7.22 and 8.0.11 as affected baselines. It is exploitable by a low-privilege, network-accessible attacker via multiple protocols, and can cause a hang or crash (DoS) of MySQL Server. Remediation per sources points...
CVE-2019-2962
CVE-2019-2962 is confirmed in connected documents as an OpenJDK 7 issue affecting the 2D component, specifically a NULL pointer dereference in DrawGlyphList (2D) that can contribute to denial of service. The CentOS/Red Hat advisories list OpenJDK 7 packages as affected and recommend updating to a...
CVE-2022-21324
CVE-2022-21324 affects Oracle MySQL Cluster (Cluster: General). Affected versions include 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The issue is described as a buffer-related vulnerability that could allow an attacker with access to the hardware’s physical commun...
CVE-2024-21002
CVE-2024-21002 affects Oracle Java SE (JavaFX) and Oracle GraalVM Enterprise Edition. Affected: Oracle Java SE 8u401; Oracle GraalVM Enterprise Edition 20.3.13 and 21.3.9. Exploitation requires user interaction; an unauthenticated attacker with login could indirectly impact data via updates/inser...
CVE-2024-21003
CVE-2024-21003 affects Oracle Java SE (JavaFX) and Oracle GraalVM Enterprise Edition. Affected: Oracle Java SE 8u401; GraalVM EE 20.3.13 and 21.3.9. Attack requires network access and user interaction; exploitation is difficult. Remediation is to apply the corresponding vendor fixes: Azul Zulu Op...
CVE-2021-22884
CVE-2021-22884 affects Node.js runtimes prior to 10.24.0, 12.21.0, 14.16.0 and 15.10.0, where the DNS rebinding protection can be bypassed due to a whitelist entry for “localhost6”. If an attacker controls or spoofs the victim’s DNS responses, they can exploit the DNS rebinding weakness to connec...
CVE-2022-21374
CVE-2022-21374 affects Oracle MySQL Server (component: Server: Information Schema). Connected sources indicate the root cause is an input validation error in the Server: Optimizer, enabling remote exploitation that could corrupt or delete data. Affected versions include 8.0.27 and earlier; remedi...
CVE-2022-21455
CVE-2022-21455 affects Oracle MySQL Server PAM Auth Plugin in MySQL 8.0.28 and earlier. The vulnerability enables a high-privilege attacker with network access (via multiple protocols) to compromise MySQL Server, potentially allowing unauthorized creation, deletion, or modification of critical da...
CVE-2022-21608
CVE-2022-21608 affects Oracle MySQL Server, specifically the Server: Optimizer component. Affected: MySQL 5.7.39 and earlier and 8.0.30 and earlier. Attack could be executed remotely with high privileges over multiple protocols, potentially causing the server to hang or crash (DoS). Public detail...
CVE-2019-16943
CVE-2019-16943 affects FasterXML jackson-databind (versions 2.0.0–2.9.10) via a polymorphic typing flaw that, when Default Typing is enabled for an exposed JSON endpoint and a p6spy P6DataSource is present in the classpath with an accessible RMI endpoint, can lead to remote code execution. The ro...
CVE-2022-21282
CVE-2022-21282 is a combined Java/Oracle Java SE/GraalVM issue reported across multiple advisories. The connected documents identify assorted affected components and versions, notably: Serialization , JAXP , Libraries , Hotspot , and ImageIO within Oracle Java SE and GraalVM Enterprise Edition. A...
CVE-2022-21302
CVE-2022-21302 affects MySQL Server (InnoDB) with affected version range 8.0.27 and earlier. The advisory indicates a low-privilege network-access vulnerability in InnoDB that can cause a hang or repeated crash (potential DOS). Observed mitigation in connected docs points to upgrading MySQL to 8....
CVE-2022-21279
CVE-2022-21279 affects Oracle MySQL Cluster (Cluster: General) with vulnerable MySQL NDB Cluster components. Impacted versions include 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. The vulnerability is described in sources as an input validation error (and related re...
CVE-2022-21425
The CVE-2022-21425 issue affects Oracle MySQL Server (component: Server: DDL) with affected versions 8.0.28 and older. The vulnerability enables a high-privilege attacker who can reach MySQL Server over the network via multiple protocols to cause a hang or crash (denial of service) and potentiall...
CVE-2022-21617
CVE-2022-21617 affects Oracle MySQL Server, specifically the Server: Connection Handling component. Affected versions are MySQL 5.7.39 and earlier and 8.0.30 and earlier. An attacker with network access via multiple protocols and high privileges can cause a hang or frequent, repeatable crashes (d...
CVE-2020-14869
CVE-2020-14869 affects Oracle MySQL Server, specifically the LDAP Authentication path in the Server component. Affects MySQL 5.7.x up to 5.7.31 and earlier, and 8.0.x up to 8.0.21 and earlier. An attacker with network access can exploit via multiple protocols to cause a hang or a frequently repea...
CVE-2021-3629
CVE-2021-3629 affects Undertow. The vulnerability is a flow-control handling issue over HTTP/2 that may cause overhead or a denial of service, impacting availability. Affected versions are Undertow prior to 2.0.40.Final and prior to 2.2.11.Final. Remediation: upgrade to Undertow 2.0.40.Final or 2...
CVE-2022-21264
CVE-2022-21264 affects Oracle MySQL Server, specifically the Server: Optimizer, with vulnerable versions 8.0.27 and prior. The issue enables a high-privilege attacker with network access (via multiple protocols) to cause a hang or frequent, repeatable crash (complete DoS) of MySQL Server. Affecte...
CVE-2022-21351
CVE-2022-21351 affects Oracle MySQL Server (Server: Optimizer). Affected versions: 8.0.27 and prior. Root cause: input validation error in the Server: Optimizer component. Impact: can allow a low-privileged attacker with network access to cause a hang or a frequent crash (DoS) and unauthorized up...
CVE-2022-21370
CVE-2022-21370 affects Oracle MySQL Server (Server: Optimizer) with vulnerable versions up to 8.0.27. Root cause cited as an input validation/optimizer issue that could enable a high-privilege, network-remote attacker to cause a hang or complete DOS of MySQL Server. Public references show fixes i...
CVE-2018-3276
CVE-2018-3276 affects the Oracle MySQL Server component (subcomponent: Server: Memcached). Affected are MySQL versions 5.6.41 and prior, 5.7.23 and prior, and 8.0.12 and prior. The vulnerability allows a high-privilege attacker with network access via multiple protocols to compromise the MySQL Se...
CVE-2019-2987
CVE-2019-2987 affects the Java SE OpenJDK 2D component; the root cause is a missing glyph bitmap dimension check in FreetypeFontScaler, enabling unauthenticated network-access exploitation with potential partial DoS via crafted font data. Public advisories (e.g., Red Hat/CentOS) associate this CV...
CVE-2021-2162
CVE-2021-2162 affects Oracle MySQL Server, specifically the Server: Audit Plug-in component. Affected versions are MySQL 5.7.33 and earlier and 8.0.23 and earlier. The vulnerability can be exploited by a low-privilege attacker with network access via multiple protocols to perform unauthorized upd...
CVE-2022-21294
CVE-2022-21294 is a network-exploitable vulnerability in Oracle Java SE (Libraries) and Oracle GraalVM Enterprise Edition Libraries, allowing an unauthenticated attacker to trigger a partial denial of service. Affected products/versions include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1 and Or...
CVE-2022-21633
CVE-2022-21633 is a Denial-of-Service vulnerability in Oracle MySQL Server (Server: Replication) affecting MySQL 8.0.30 and earlier. An attacker with network access via multiple protocols can cause the server to hang or crash. Remediation appears to be upgrading to MySQL 8.0.32 (per ALSA-2023:308...
CVE-2022-39400
CVE-2022-39400 affects Oracle MySQL Server (Server: Optimizer) and applies to MySQL 8.0.30 and earlier. The vulnerability can be exploited over the network by a user with high privileges, potentially causing the server to hang or crash (DoS). Public advisories indicate fixes in newer MySQL 8.0 re...
CVE-2018-3203
CVE-2018-3203 affects Oracle MySQL Server (Server: Optimizer). A vulnerability in the Server: Optimizer could be exploited by a low-privilege, network-accessible attacker to cause a hang or frequent, repeatable crashes (DoS). Affected are MySQL Server versions up to 8.0.12 and earlier. The initia...
CVE-2018-3212
CVE-2018-3212 affects Oracle MySQL Server, subcomponent Server: Information Schema. Affected versions are 8.0.12 and prior. An attacker with network access and high privileges can cause a denial of service via hang or crash of the MySQL Server. Connected Fedora notices indicate this CVE was fixed...
CVE-2019-2992
CVE-2019-2992 affects Oracle Java SE/OpenJDK Java SE/Embedded, with vulnerable components including the 2D renderer. The connected documents show a concrete root cause: in the 2D component (font rendering), excess memory allocation during operations such as font glyph mapping can lead to a denial...
CVE-2022-39408
CVE-2022-39408 affects Oracle MySQL Server (Server: Optimizer) and targets the MySQL 8.0 line (8.0.30 and earlier). The vulnerability allows a low-privilege attacker with network access via multiple protocols to cause a hang or crash (DoS) of MySQL Server. Public details in the provided docs conf...