Lucene search
K
OracleMysql

1328 matches found

CVE
CVE
added 2020/12/08 3:30 p.m.1194 views

CVE-2020-1971

CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

5.9CVSS5.7AI score0.06968EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.1147 views

CVE-2016-9843

CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...

9.8CVSS9.9AI score0.0595EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.1031 views

CVE-2018-3063

CVE-2018-3063 is a MySQL/MariaDB Server vulnerability in the Privileges subcomponent. Affected products include MySQL/MariaDB Server versions up to 5.5.60 and earlier. The vulnerability is exploitable by a high-privileged attacker with network access via multiple protocols and can lead to a hang ...

4.9CVSS5AI score0.03213EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.975 views

CVE-2020-2574

CVE-2020-2574 affects the Oracle MySQL Client (C API). Affected: MySQL Client in Oracle MySQL releases 5.6.46 and earlier, 5.7.28 and earlier, and 8.0.18 and earlier. Description in the sources: vulnerability allows an unauthenticated attacker with network access via multiple protocols to cause a...

5.9CVSS5.6AI score0.03485EPSS
CVE
CVE
added 2019/02/27 11:0 p.m.926 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2012/08/17 12:0 a.m.911 views

CVE-2012-2750

CVE-2012-2750 refers to an unspecified vulnerability in MySQL 5.5.x before 5.5.23 with unknown impact and attack vectors related to a Security Fix (Bug #59533). The description notes this may be a duplicate of CVE-2012-1689, and Oracle had not commented on that possibility as of 2012-08-16. Sever...

10CVSS4.9AI score0.03607EPSS
CVE
CVE
added 2020/06/03 12:0 a.m.852 views

CVE-2020-11080

In nghttp2, CVE-2020-11080 is a denial-of-service vulnerability caused by an overly large HTTP/2 SETTINGS frame payload in versions before 1.41.0. A PoC repeatedly sends a 14,400-byte SETTINGS frame (2400 settings entries), spiking CPU. The issue is mitigated by upgrading to nghttp2 1.41.0 or lat...

7.5CVSS6.5AI score0.05316EPSS
CVE
CVE
added 2016/05/16 10:0 a.m.829 views

CVE-2015-3152

The CVE-2015-3152 issue affects MySQL client libraries where the --ssl flag is treated as optional, allowing a MITM downgrade to cleartext SSL and server spoofing. Affected products/versions include Oracle MySQL prior to 5.7.3, Oracle MySQL Connector/C (libmysqlclient) prior to 6.1.3, and MariaDB...

5.9CVSS5.6AI score0.07083EPSS
CVE
CVE
added 2020/04/21 1:45 p.m.820 views

CVE-2020-1967

CVE-2020-1967 describes a NULL pointer dereference in OpenSSL’s SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...

7.5CVSS7.5AI score0.53336EPSS
CVE
CVE
added 2019/02/04 7:0 a.m.812 views

CVE-2019-7317

CVE-2019-7317 is a use-after-free involving png_image_free in libpng. A connected document ties this to the FLTK package, affecting versions less than 1.3.8-1, and states that upgrading to a later FLTK version resolves the issue. If applying this advisory, upgrade FLTK to 1.3.8-1 or newer for rem...

5.3CVSS6.3AI score0.09393EPSS
CVE
CVE
added 2013/10/01 5:0 p.m.783 views

CVE-2012-5627

CVE-2012-5627 affects Oracle MySQL and MariaDB where the salt is not changed during multiple executions of the CHANGE_USER command within the same MySQL/MariaDB connection. This allows remote authenticated users to more easily brute-force passwords. Affected versions include MySQL/MariaDB: 5.5.x ...

4CVSS5AI score0.11413EPSS
CVE
CVE
added 2016/09/20 6:0 p.m.779 views

CVE-2016-6662

CVE-2016-6662 affects MySQL-derived products (MySQL, MariaDB, Percona Server) across multiple branches, allowing local users to bypass protections by setting general_log_file to a my.cnf configuration. The underlying flaw enables arbitrary configuration by non-privileged users and can be leverage...

10CVSS8AI score0.6773EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.767 views

CVE-2020-2752

CVE-2020-2752 affects the Oracle MySQL Client (C API). Publicly documented affected versions are 5.6.47 and earlier, 5.7.27 and earlier, and 8.0.17 and earlier. The vulnerability can be triggered by a network-accessing attacker via multiple protocols with low privileges and may lead to a Hang or ...

5.3CVSS6AI score0.02317EPSS
CVE
CVE
added 2009/07/13 5:0 p.m.761 views

CVE-2009-2446

CVE-2009-2446 affects MySQL server: format string vulnerabilities in libmysqld dispatch_command (sql_parse.cc) in MySQL 4.0.0–5.0.83. Exploited by remote authenticated users to crash mysqld (DoS) via crafted database name in COM_CREATE_DB or COM_DROP_DB. Remediation: upgrade to patched MySQL vers...

8.5CVSS9.4AI score0.10586EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.757 views

CVE-2019-2938

CVE-2019-2938 affects MySQL Server (InnoDB) in Oracle MySQL. Affected versions include 5.7.27 and earlier and 8.0.17 and earlier; exploitation over network could cause a hang or crash (DoS) with high privileges. CVSSv3 base score 4.4. Patches are available; advisory ALSA-2020-1333 recommends upgr...

4.4CVSS4.5AI score0.02985EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.747 views

CVE-2021-2011

CVE-2021-2011 affects Oracle MySQL's Client C API, with vulnerable versions 5.7.32 and earlier and 8.0.22 and earlier. An unauthenticated network attacker can trigger a hang or crash (DoS) via multiple protocols. remediation is to upgrade to a version where the issue is resolved (e.g., newer MySQ...

7.1CVSS5.5AI score0.03028EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.743 views

CVE-2021-2022

CVE-2021-2022 is a vulnerability in Oracle MySQL Server (component: InnoDB) that affects MySQL Server versions 5.6.50 and earlier, 5.7.32 and earlier, and 8.0.22 and earlier. The issue is exploitable by a highly privileged attacker who can access the affected server over network via multiple prot...

6.3CVSS4.5AI score0.01897EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.720 views

CVE-2019-2503

The connected advisory ALAS-2019-1292 documents CVE-2019-2503 as a MySQL/MariaDB Server: Connection Handling vulnerability. Affected are Oracle MySQL Server components with versions 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The issue can allow a low-privileged attacker on the netw...

6.4CVSS6.4AI score0.02487EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.700 views

CVE-2019-2740

CVE-2019-2740 affects the MySQL Server component (Server: XML) of Oracle MySQL. Affected versions include 5.6.44 and prior, 5.7.26 and prior, and 8.0.16 and prior. The issue allows a low-privilege, network-accessible attacker via multiple protocols to cause a hang or a repeatable crash (DOS). Sev...

6.5CVSS6.3AI score0.03972EPSS
CVE
CVE
added 2019/09/09 4:7 p.m.696 views

CVE-2019-16168

CVE-2019-16168 affects SQLite up to version 3.29.0, whereLoopAddBtreeIndex in sqlite3.c may crash a browser/application due to missing validation of sqlite_stat1 sz, described as a severe division by zero in the query planner. Connected documents show multiple advisories referencing the fix in SQ...

6.5CVSS7AI score0.04253EPSS
CVE
CVE
added 2022/01/26 12:0 a.m.695 views

CVE-2021-22570

CVE-2021-22570 affects Protocol Buffers (protobuf). A null character in a proto symbol is parsed incorrectly, causing a null pointer dereference via an unchecked access to the proto file name during error message generation. The issue can enable denial of service or memory access instability as d...

6.5CVSS6.5AI score0.0266EPSS
CVE
CVE
added 2019/10/16 5:40 p.m.684 views

CVE-2019-2974

CVE-2019-2974 affects Oracle MySQL Server, component Server: Optimizer. Affected versions are 5.6.45 and prior, 5.7.27 and prior, and 8.0.17 and prior. The flaw is exploitable over the network by a low-privileged attacker and can lead to a hang or frequent, repeatable crash (DoS) of MySQL Server....

6.5CVSS6.3AI score0.03726EPSS
CVE
CVE
added 2023/10/17 9:2 p.m.684 views

CVE-2023-22028

CVE-2023-22028 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 5.7.x up to 5.7.43 and 8.0.x up to 8.0.31. Exploitation can lead to a high-privilege attacker over network causing a hang or frequent crash (DoS) of MySQL Server. Connected sources indicate Oracle CPU advisory and ven...

4.9CVSS4.8AI score0.00891EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.676 views

CVE-2020-2760

CVE-2020-2760 affects MySQL Server (InnoDB) with affected versions 5.7.29 and prior, and 8.0.19 and prior. It enables a high-privilege attacker with network access to cause a hang or crash (DoS) and potentially unauthorized data updates/inserts/deletes. The ALAS advisory shows remediation through...

5.5CVSS5.6AI score0.03014EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.671 views

CVE-2019-2537

CVE-2019-2537 affects the MySQL Server component (subcomponent: Server: DDL) of Oracle MySQL. Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Description in connected docs confirms an easily exploitable, network-accessible vulnerability that can cause the MySQL Server to hang or c...

4.9CVSS5.1AI score0.04457EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.669 views

CVE-2019-2614

CVE-2019-2614 affects Oracle MySQL Server (subcomponent: Server: Replication). Affected versions are MySQL 5.6.43 and earlier, 5.7.25 and earlier, and 8.0.15 and earlier. The vulnerability is described as difficult to exploit and requires high privileges with network access, and it can, according...

4.4CVSS4.7AI score0.0281EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.666 views

CVE-2020-2812

CVE-2020-2812 affects the MySQL Server component (Server: Stored Procedure). Affected are MySQL/MariaDB builds with versions 5.6.47 and earlier, 5.7.29 and earlier, and 8.0.19 and earlier. The vulnerability can allow a high-privilege attacker with network access via multiple protocols to cause a ...

4.9CVSS5.2AI score0.02981EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.663 views

CVE-2020-2922

CVE-2020-2922 affects the MySQL Client C API in Oracle MySQL. Affected versions are 5.6.47 and prior, 5.7.29 and prior, and 8.0.18 and prior. It is difficult to exploit and can allow an unauthenticated attacker with network access via multiple protocols to read a subset of MySQL Client data. CVSS...

4.3CVSS3.4AI score0.02436EPSS
CVE
CVE
added 2021/01/20 2:50 p.m.662 views

CVE-2021-2007

CVE-2021-2007 affects Oracle MySQL MySQL Client (C API). Affected versions: 5.6.47 and prior, 5.7.29 and prior, and 8.0.19 and prior. The vulnerability is exploitable by an unauthenticated attacker with network access via multiple protocols, potentially leading to unauthorized read access of a su...

4.3CVSS3.4AI score0.02272EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.639 views

CVE-2019-2529

CVE-2019-2529 affects Oracle MySQL Server (Server: Optimizer). Affected: 5.6.42 and prior, 5.7.24 and prior, 8.0.13 and prior. Low-privilege, network-access attacker can cause a hang or complete DOS. Remediation: advisories/applicable updates exist (e.g., ALAS/CentOS/RHSA); update mariadb/mysql p...

6.5CVSS6.2AI score0.0461EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.634 views

CVE-2022-21607

CVE-2022-21607 is a vulnerability in Oracle MySQL Server, specifically in the Server: Optimizer component. Affected are MySQL Server versions up to and including 8.0.28 (and prior). The flaw is exploitable by a high-privilege attacker who can reach the server over the network via multiple protoco...

4.9CVSS4.7AI score0.01024EPSS
CVE
CVE
added 2023/10/17 9:2 p.m.633 views

CVE-2023-22068

CVE-2023-22068 affects Oracle MySQL Server (InnoDB). Affected: MySQL 8.0.34 and earlier, and 8.1.0. An attacker with network access via multiple protocols and high privileges can cause the server to hang or crash (DoS). No explicit exploitation details are provided beyond this claim. Remediation:...

4.9CVSS5.1AI score0.0094EPSS
CVE
CVE
added 2023/10/17 9:3 p.m.629 views

CVE-2023-22103

CVE-2023-22103 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.34 and earlier, and 8.1.0. Attack via network with high privileges can cause a hang or frequent crash (DoS) of MySQL Server. CVSS v3.1 base score 4.9 (Availability). Remediation: upgrade to a fixed package/version...

4.9CVSS5.1AI score0.00983EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.627 views

CVE-2022-21641

Summary (from provided sources): CVE-2022-21641 affects Oracle MySQL Server, specifically the Server: Optimizer component. Affected versions are 8.0.29 and earlier. The vulnerability is exploitable by a high-privilege attacker with network access via multiple protocols and can lead to a hang or a...

4.9CVSS4.9AI score0.00962EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.620 views

CVE-2022-21595

CVE-2022-21595 affects Oracle MySQL Server (component: C API). Affected versions include MySQL Server 5.7.36 and prior and 8.0.27 and prior. The vulnerability is exploitable with network access via multiple protocols and is described as difficult to exploit, requiring high privileges. Successful ...

4.4CVSS4.6AI score0.01048EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.619 views

CVE-2022-21592

CVE-2022-21592 affects Oracle MySQL Server (Server: Security: Encryption). Affected: MySQL 5.7.39 and earlier, and 8.0.29 and earlier. A low-privileged attacker with network access over multiple protocols can cause unauthorized read access to a subset of data. CVSS 3.1 base score 4.3 (Confidentia...

4.3CVSS3.7AI score0.00653EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.615 views

CVE-2021-2144

CVE-2021-2144 affects Oracle MySQL Server (component: Server: Parser). Affected versions are 5.7.29 and earlier and 8.0.19 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to compromise the MySQL Server, potentially leading to takeover of ...

7.2CVSS6.5AI score0.01886EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.614 views

CVE-2022-21638

CVE-2022-21638 affects Oracle MySQL Server (component: Server: Optimizer). Affected: MySQL Server 8.0.29 and earlier. Attack surface: network-accessible via multiple protocols; requires high privileges; can cause a hang or frequent crash (denial of service). Several connected advisories confirm a...

4.9CVSS4.9AI score0.00962EPSS
CVE
CVE
added 2022/10/18 12:0 a.m.610 views

CVE-2022-21605

CVE-2022-21605 concerns the Oracle MySQL Server, specifically the Server: Data Dictionary component. Affected are MySQL Server versions 8.0.28 and earlier . The vulnerability enables a high-privilege attacker with network access (via multiple protocols) to cause the server to hang or crash, resul...

4.9CVSS4.7AI score0.01024EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.609 views

CVE-2016-9841

CVE-2016-9841 is a vulnerability in zlib 1.2.8 related to improper pointer arithmetic in inffast.c that could have context-dependent impact. Connected advisories confirm public details and show remediation by upgrading zlib to a newer version (e.g., 1.2.11) across affected products and distributi...

9.8CVSS9.9AI score0.07489EPSS
CVE
CVE
added 2019/09/15 9:45 p.m.608 views

CVE-2019-14540

CVE-2019-14540 affects jackson-databind up to version 2.9.10 with serialization gadget risk involving the HikariCP classes (com.zaxxer.hikari.HikariConfig). The authoritative initial doc notes a polymorphic typing issue in jackson-databind related to HikariConfig. Connected-material references (A...

9.8CVSS9.3AI score0.10676EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.604 views

CVE-2020-2780

CVE-2020-2780 affects Oracle MySQL Server (Server: DML) with vulnerable ranges: 5.6.47 and earlier, 5.7.29 and earlier, and 8.0.19 and earlier. The issue allows a low-privileged, network-access attacker to cause a hang or crash (DOS) via multiple protocols. The connected advisories (e.g., ALAS/ C...

6.5CVSS6.3AI score0.0243EPSS
CVE
CVE
added 2023/10/17 9:3 p.m.602 views

CVE-2023-22114

CVE-2023-22114 affects Oracle MySQL (InnoDB) with versions 8.0.34 and earlier and 8.1.0. An attacker with network access via multiple protocols and high privileges could trigger a hang or crash (DoS). Public materials identify the vulnerability and impact but do not provide exploitation details i...

4.9CVSS5.1AI score0.00983EPSS
CVE
CVE
added 2023/10/17 9:2 p.m.601 views

CVE-2023-22079

CVE-2023-22079 concerns Oracle MySQL Server, component Server: Optimizer. Affected: MySQL 8.0.34 and earlier. Description: a low-privileged, network-accessible attacker can cause the MySQL Server to hang or crash (complete DoS) via multiple protocols. CVSS v3.1 base score 6.5 (Availability HIGH; ...

6.5CVSS6.5AI score0.00911EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.600 views

CVE-2020-14765

An advisory indicates CVE-2020-14765 affects Oracle MySQL Server (Server: FTS) with affected versions 5.6.49 and prior, 5.7.31 and prior, and 8.0.21 and prior. The cited materials describe a vulnerability that can cause the MySQL Server to hang or crash (DoS) via network access, but the root caus...

6.8CVSS6.4AI score0.03012EPSS
CVE
CVE
added 2023/10/17 9:2 p.m.596 views

CVE-2023-22064

CVE-2023-22064 affects Oracle MySQL Server (Server: Optimizer) with affected versions 8.0.34 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or repeatable crash (a complete DoS) of MySQL Server; CVSS v3.1 base score 4.9 (A...

4.9CVSS5.2AI score0.00884EPSS
CVE
CVE
added 2020/06/27 11:39 a.m.591 views

CVE-2020-15358

CVE-2020-15358 (SQLite) affects the SQLite library, specifically the query engine path in select.c where the query-flattener optimization mishandles constant propagation for multiSelectOrderBy. The root cause is a mishandling of transitive properties during constant propagation, leading to a heap...

5.5CVSS6.8AI score0.01027EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.588 views

CVE-2020-14812

CVE-2020-14812 affects Oracle MySQL Server (component: Server: Locking) with affected versions 5.6.49 and prior, 5.7.31 and prior, and 8.0.21 and prior. Exploitation can lead to a hang or frequent crashes (DoS) with network access. Remediation status varies by distribution; Debian LTS notes a fix...

6.8CVSS5.1AI score0.0288EPSS
CVE
CVE
added 2023/10/17 9:2 p.m.588 views

CVE-2023-22070

CVE-2023-22070 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.34 and earlier and 8.1.0. Exploitation via network could cause high-availability impact (hang or crash). Remediation: upgrade to patched version (e.g., 8.0.35-1 or newer as referenced by Debian/Mariner advisories)...

4.9CVSS5.1AI score0.00871EPSS
CVE
CVE
added 2024/04/16 9:26 p.m.586 views

CVE-2024-21096

Technical details about CVE-2024-21096 are not publicly provided in the supplied documents. Monitoring for updates is advised; the current sources do not specify affected products, versions, exploitability, or remediation within the given materials.

4.9CVSS5.9AI score0.00424EPSS
Total number of security vulnerabilities1328