Lucene search

K

565 matches found

CVE
CVE
added 2021/04/22 10:15 p.m.475 views

CVE-2021-2194

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

4.9CVSS4.9AI score0.00107EPSS
CVE
CVE
added 2022/07/06 1:15 p.m.472 views

CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the ...

9.8CVSS9.5AI score0.87662EPSS
Web
CVE
CVE
added 2022/05/06 12:15 p.m.469 views

CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system...

5.5CVSS6.7AI score0.00285EPSS
CVE
CVE
added 2020/05/01 7:15 p.m.459 views

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

9.8CVSS9.2AI score0.02443EPSS
CVE
CVE
added 2024/04/16 10:15 p.m.458 views

CVE-2024-21096

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to...

4.9CVSS5.9AI score0.00071EPSS
CVE
CVE
added 2021/01/20 3:15 p.m.457 views

CVE-2021-2021

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

6.8CVSS4.9AI score0.52047EPSS
In wildWeb
CVE
CVE
added 2021/02/08 8:15 p.m.452 views

CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multip...

6.2CVSS6.2AI score0.00016EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.442 views

CVE-2018-3060

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

6.5CVSS6.3AI score0.00144EPSS
CVE
CVE
added 2018/10/17 12:29 p.m.438 views

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

9.1CVSS8.5AI score0.77515EPSS
Web
CVE
CVE
added 2018/01/18 2:29 a.m.430 views

CVE-2018-2612

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

7.5CVSS6.3AI score0.0027EPSS
CVE
CVE
added 2021/04/01 3:15 p.m.428 views

CVE-2021-28164

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can ...

5.3CVSS5.2AI score0.93374EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.425 views

CVE-2019-2481

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

4.9CVSS4.8AI score0.00113EPSS
CVE
CVE
added 2021/04/22 10:15 p.m.423 views

CVE-2021-2180

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

4.9CVSS4.9AI score0.00116EPSS
CVE
CVE
added 2021/03/21 5:15 a.m.421 views

CVE-2021-28957

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbit...

6.1CVSS6.5AI score0.00491EPSS
CVE
CVE
added 2018/02/06 3:29 p.m.419 views

CVE-2017-7525

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

9.8CVSS9.2AI score0.77423EPSS
Web
CVE
CVE
added 2021/01/20 3:15 p.m.418 views

CVE-2021-2032

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL S...

4.3CVSS3.7AI score0.00373EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.417 views

CVE-2018-3081

Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via...

5CVSS5.2AI score0.00106EPSS
CVE
CVE
added 2019/02/06 8:29 p.m.416 views

CVE-2019-3822

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the request HTTP header contents based on previously received data. The check that ...

9.8CVSS9.3AI score0.24561EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.415 views

CVE-2018-3133

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mul...

6.5CVSS6.3AI score0.00551EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.411 views

CVE-2019-2534

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco...

7.1CVSS6.4AI score0.00246EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.409 views

CVE-2018-3156

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6.9AI score0.00261EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.409 views

CVE-2018-3251

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6.9AI score0.00341EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.408 views

CVE-2018-3143

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6.9AI score0.00261EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.406 views

CVE-2020-2579

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to c...

6.5CVSS6.1AI score0.00637EPSS
CVE
CVE
added 2021/08/16 7:15 p.m.406 views

CVE-2021-22931

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection v...

9.8CVSS9.9AI score0.01408EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.402 views

CVE-2019-2531

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoc...

4.9CVSS4.8AI score0.00131EPSS
CVE
CVE
added 2021/01/20 3:15 p.m.402 views

CVE-2021-2048

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of t...

7CVSS5AI score0.00201EPSS
CVE
CVE
added 2022/04/19 9:15 p.m.400 views

CVE-2022-21427

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS5.3AI score0.00057EPSS
CVE
CVE
added 2018/08/20 7:31 p.m.399 views

CVE-2018-1000632

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or e...

7.5CVSS7.8AI score0.00997EPSS
CVE
CVE
added 2021/07/21 3:15 p.m.399 views

CVE-2021-2389

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Su...

7.1CVSS5.4AI score0.00494EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.393 views

CVE-2018-3173

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS5AI score0.0019EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.393 views

CVE-2018-3200

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS5AI score0.0019EPSS
CVE
CVE
added 2021/01/20 3:15 p.m.390 views

CVE-2021-2087

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Su...

4.9CVSS4.6AI score0.00124EPSS
CVE
CVE
added 2021/01/20 3:15 p.m.389 views

CVE-2021-2046

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While t...

6.8CVSS6.3AI score0.00201EPSS
CVE
CVE
added 2021/01/20 3:15 p.m.388 views

CVE-2021-2088

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Su...

4.9CVSS4.6AI score0.00124EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.386 views

CVE-2018-3185

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

5.5CVSS5.5AI score0.00135EPSS
CVE
CVE
added 2021/01/20 3:15 p.m.386 views

CVE-2021-2001

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to ...

6.8CVSS4.9AI score0.00358EPSS
CVE
CVE
added 2021/01/20 3:15 p.m.383 views

CVE-2021-2060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to ...

6.8CVSS4.9AI score0.00201EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.382 views

CVE-2018-3284

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

4.4CVSS4.6AI score0.00246EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.381 views

CVE-2018-3277

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS5AI score0.0019EPSS
CVE
CVE
added 2022/04/19 9:15 p.m.380 views

CVE-2022-21460

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.4CVSS4.3AI score0.00235EPSS
CVE
CVE
added 2021/04/01 3:15 p.m.378 views

CVE-2021-28163

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that dir...

4CVSS5.1AI score0.00152EPSS
In wild
CVE
CVE
added 2021/04/22 10:15 p.m.377 views

CVE-2021-2307

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to ...

6.1CVSS6.1AI score0.00684EPSS
CVE
CVE
added 2020/01/03 4:15 a.m.376 views

CVE-2019-20330

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

9.8CVSS9.2AI score0.01612EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.373 views

CVE-2020-2572

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQ...

4CVSS3.2AI score0.00321EPSS
CVE
CVE
added 2021/09/29 8:15 p.m.373 views

CVE-2021-22946

A user can tell curl >= 7.20.0 and

7.5CVSS7.6AI score0.00049EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.372 views

CVE-2020-2589

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

4.9CVSS4.8AI score0.00362EPSS
CVE
CVE
added 2021/01/20 3:15 p.m.371 views

CVE-2021-2036

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

6.8CVSS4.9AI score0.00201EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.369 views

CVE-2020-2765

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.9CVSS4.8AI score0.00097EPSS
CVE
CVE
added 2020/07/24 10:15 p.m.367 views

CVE-2020-8174

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and

9.3CVSS8.1AI score0.00741EPSS
Total number of security vulnerabilities565