49 matches found
CVE-2021-22931
CVE-2021-22931 concerns Node.js DNS hostname handling. Public docs indicate vulnerability due to missing input validation of host names returned by DNS, which can cause domain hijacking and enable injection in applications using the DNS library. Affected software includes Node.js releases prior t...
CVE-2020-8174
CVE-2020-8174 is a Node.js vulnerability where napi_get_value_string_*() can trigger memory corruption in affected releases. Affected are Node.js runtimes prior to 10.21.0, 12.18.0, and prior to 14.4.0. Documented mitigations/include patches update Node.js to 10.21.0, 12.18.2, and 14.4.0 respecti...
CVE-2020-8277
CVE-2020-8277 centers on a DoS due to DNS resolution behavior in Node.js (triggering requests that cause many DNS responses). Public details in the initial CVE describe the impact and fixed versions: Node.js releases 15.2.1, 14.15.1, and 12.19.1 address the issue. Connected documents show affecte...
CVE-2022-21824
CVE-2022-21824 is a prototype pollution vulnerability in Node.js linked to console.table properties. It affects Node.js prior to patched releases and can be triggered when user-controlled data is passed as the first parameter with a plain object containing an own property such as proto . Public a...
CVE-2021-22884
CVE-2021-22884 affects Node.js runtimes prior to 10.24.0, 12.21.0, 14.16.0 and 15.10.0, where the DNS rebinding protection can be bypassed due to a whitelist entry for “localhost6”. If an attacker controls or spoofs the victim’s DNS responses, they can exploit the DNS rebinding weakness to connec...
CVE-2021-22883
Node.js versions prior to 10.24.0, 12.21.0, 14.16.0, and 15.10.0 are vulnerable to a denial-of-service from excessive unknownProtocol connection attempts, causing file descriptor leaks and potential memory exhaustion. Affected releases can be mitigated by upgrading to patched releases (e.g., Node...
CVE-2024-21177
CVE-2024-21177 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.37 and earlier, 8.4.0 and earlier. Issue: low-privileged attacker with network access via multiple protocols can cause a hang or frequent crash (DoS). CVSS: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Remediation/p...
CVE-2021-22939
CVE-2021-22939 affects Node.js HTTPS usage where passing undefined for rejectUnauthorized may bypass certificate validation, allowing connections to servers with expired certificates. Root cause: incomplete validation of the tls rejectUnauthorized parameter. Affected ranges vary by release stream...
CVE-2021-44531
CVE-2021-44531 affects Node.js and stems from improper handling of URI SAN types in X.509 certificate hostname verification. Older Node.js releases accepted URI SANs by default and could bypass name-constrained intermediates when PKIs aren’t defined for that SAN type; URI matching could also fail...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2025-21543
CVE-2025-21543 affects Oracle MySQL Server (component: Server: Packaging). Affects MySQL 8.0.40 and earlier, 8.4.3 and earlier, and 9.1.0 and earlier. An attacker with high privileges who can reach the server over the network via multiple protocols can cause the server to hang or crash (complete ...
CVE-2021-44533
CVE-2021-44533 affects Node.js by improper handling of multi-value Relative Distinguished Names, potentially allowing bypass of certificate subject verification. Affected are Node.js versions < 12.22.9, < 14.18.3, < 16.13.2, and
CVE-2021-44532
CVE-2021-44532 affects Node.js where SAN handling converts Subject Alternative Names to a string to validate hostnames. The vulnerability allows bypass of certificate name constraints when present in a certificate chain. Affected versions include Node.js <12.22.9, <14.18.3, <16.13.2, and
CVE-2020-8172
CVE-2020-8172 affects Node.js TLS session reuse that can bypass host certificate verification in Node.js versions prior to 12.18.0 and 14.4.0. Connected advisories confirm the issue and indicate remediation via upgrading Node.js to patched releases. The ALSA advisory notes the security fix upgrad...
CVE-2025-30722
The CVE-2025-30722 entry concerns Oracle MySQL’s MySQL Client (Client: mysqldump). Affected versions are 8.0.0–8.0.41, 8.4.0–8.4.4 and 9.0.0–9.2.0. The vulnerability is described as difficult to exploit but allows a low-privileged, network-accessing attacker to compromise MySQL Client, potentiall...
CVE-2025-30681
CVE-2025-30681 is a MySQL Server vulnerability in the replication component. Oracle MySQL lists affected versions as 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. It is described as easily exploitable via network access through multiple protocols, with a high-privilege attacker capable of compromis...
CVE-2018-1324
CVE-2018-1324 : Apache Commons Compress multiple advisories describe an infinite‑loop DoS in the Zip extra field parser used by ZipFile/ZipArchiveInputStream (versions 1.11–1.15). A specially crafted ZIP can cause an infinite loop, impacting services that use the library. Public docs confirm this...
CVE-2025-21518
CVE-2025-21518 affects Oracle MySQL Server, specifically the Server: Optimizer component (also listed with related Oracle MySQL Server entries). Affected versions are 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior. The vulnerability is exploitable by a low-privilege, network-accessing att...
CVE-2025-30693
CVE-2025-30693 affects Oracle MySQL Server (InnoDB) with vulnerable versions: 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. The issue allows a high-privilege attacker with network access over multiple protocols to cause a hang or a complete DoS (frequently-repeating crash) and may enable unauthoriz...
CVE-2022-21490
CVE-2022-21490 affects Oracle MySQL Cluster (Cluster: General) with affected versions 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior, and 8.0.28 and prior. The issue enables a high-privilege attacker with access to the hardware’s physical communication segment to takeover the MySQL Cluster;...
CVE-2025-21520
CVE-2025-21520 affects Oracle MySQL Server (component: Server: Options). Affected versions: 8.0.40 and earlier, 8.4.3 and earlier, 9.1.0 and earlier. The description states a high-privilege attacker with logon and user interaction can compromise the server and gain unauthorized read access to a s...
CVE-2025-21574
CVE-2025-21574 affects Oracle MySQL Server (Server: Parser) across 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0, allowing a low-privilege, network-based attacker to cause a hang or crash (DoS). Connected sources confirm the parser component as the vulnerable element and note an exploitation demonst...
CVE-2025-21531
CVE-2025-21531 affects Oracle MySQL Server InnoDB. Affected: 8.0.40 and prior, 8.4.3 and prior, 9.1.0 and prior. An attacker with network access via multiple protocols can cause a hang or complete DOS of MySQL Server. CVSS v3.1 base 4.9 (Availability). The provided docs do not specify a fixed pat...
CVE-2025-21575
CVE-2025-21575 concerns Oracle MySQL Server (Parser component). Affected: MySQL 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. The vulnerability is exploitable over the network by a low-privilege attacker via multiple protocols and can cause the MySQL Server to hang or crash (denial of service). No ...
CVE-2022-21550
CVE-2022-21550 affects Oracle MySQL Cluster (Cluster: General). Affected versions include 7.4.36 and prior, 7.5.26 and prior, 7.6.22 and prior, and 8.0.29 and prior. Exploitation requires high-privilege access via the physical communication segment and user interaction; outcomes can include takeo...
CVE-2022-21519
CVE-2022-21519 : Oracle MySQL Cluster (component: Cluster: General) is affected for versions 8.0.29 and earlier. An unauthenticated attacker with network access via multiple protocols can cause a hang or frequent crash (complete DOS). CVSS v3.1 base score 5.9 (Availability, HIGH). References and ...
CVE-2023-21860
CVE-2023-21860 affects Oracle MySQL Cluster, specifically the Cluster: Internal Operations component. Connected sources confirm insufficient input validation in this component allows a high-privilege attacker with access to the physical network segment to compromise the MySQL Cluster, with exploi...
CVE-2021-35598
CVE-2021-35598 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, 8.0.26 and prior. The vulnerability allows a highly privileged attacker with access to the hardware’s physical communication segment to take over the MySQL Clus...
CVE-2021-35621
CVE-2021-35621 affects Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster releases 7.4.33 and earlier, 7.5.23 and earlier, 7.6.19 and earlier, 8.0.26 and earlier. Root cause: a vulnerability in the Cluster: General component could let a highly privileged attacker, with access to the...
CVE-2020-14853
CVE-2020-14853 (MySQL Cluster, NDBCluster Plugin) is confirmed in multiple connected sources as a vulnerability affecting Oracle MySQL’s MySQL Cluster with affected versions 8.0.21 and earlier. The flaw can be exploited by a low-privilege, network-accessible attacker via multiple protocols. Succe...
CVE-2021-35590
CVE-2021-35590 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, 8.0.26 and prior. Root cause: input validation error in MySQL Cluster. Impact: high-privilege attacker with access to the hardware communication segment can tak...
CVE-2021-35584
CVE-2021-35584 affects Oracle MySQL Cluster (Cluster: ndbcluster/plugin DDL). Affected: MySQL Cluster 8.0.26 and prior. The vulnerability is described as easily exploitable with network access from multiple protocols by a low-privilege attacker, potentially causing partial denial of service to My...
CVE-2021-35613
CVE-2021-35613 affects Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster 8.0.26 and earlier. An unauthenticated attacker with network access via multiple protocols can compromise MySQL Cluster, resulting in a partial denial of service. The initial description provides CVSS details ...
CVE-2021-2411
CVE-2021-2411 affects Oracle MySQL Cluster (Cluster: JS module) with affected versions 8.0.25 and earlier. The vulnerability is exploitable by an unauthenticated attacker over network via multiple protocols, leading to partial denial of service of MySQL Cluster. The connected sources confirm the ...
CVE-2021-35592
CVE-2021-35592 concerns Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster versions 7.5.23 and prior, 7.6.19 and prior, and 8.0.26 and prior. Root cause: vulnerability in the Cluster: General component that enables a high privileged attacker with access to the hardware’s physical co...
CVE-2021-35593
CVE-2021-35593 corresponds to a vulnerability in Oracle MySQL Cluster (Cluster: General). Affected versions are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, and 8.0.26 and prior. The issue is described as difficult to exploit, requiring high-privilege access in the physical network segme...
CVE-2021-35594
CVE-2021-35594 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.33 and earlier, 7.5.23 and earlier, 7.6.19 and earlier, and 8.0.26 and earlier. Root cause per description: a vulnerability that is difficult to exploit, exploitable by a highly privileged attacker with access ...
CVE-2021-35618
CVE-2021-35618 affects Oracle MySQL Cluster (Cluster: General) with affected versions 8.0.26 and earlier. The vulnerability in the Cluster General component can permit a highly privileged attacker with physical access to the hardware communication segment to cause partial DoS on MySQL Cluster; ex...
CVE-2017-3321
CVE-2017-3321 affects Oracle MySQL Cluster’s Cluster: General subcomponent. Affected versions are 7.2.19 and earlier, 7.3.8 and earlier, and 7.4.5 and earlier. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster, leading to a...
CVE-2016-5541
CVE-2016-5541 affects Oracle MySQL Cluster (Cluster: NDBAPI). Affected are MySQL Cluster versions 7.2.26 and earlier, 7.3.14 and earlier, and 7.4.12 and earlier. The issue allows an unauthenticated, network-accessing attacker to manipulate data or cause a partial denial of service via multiple pr...
CVE-2025-30710
CVE-2025-30710 detail (Oracle MySQL Cluster/NDBCluster Plugin): A vulnerability in MySQL Cluster (NDBCluster Plugin) affects Oracle MySQL Cluster versions 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. The issue allows a high-privilege attacker with network access via multiple protocols to cause a h...
CVE-2017-3322
The CVE-2017-3322 entry applies to Oracle MySQL Cluster (Cluster: NDBAPI). Affected: MySQL Cluster component versions 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier. Issue: a vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise MySQ...
CVE-2017-3304
CVE-2017-3304 concerns the MySQL Cluster DD subcomponent in Oracle MySQL. The vulnerability affects listed 7.2.x/7.3.x/7.4.x/7.5.x releases (7.2.27, 7.3.16, 7.4.14, 7.5.5 and earlier). An attacker with low privileges who can access the service over a network and using multiple protocols can poten...
CVE-2018-2877
CVE-2018-2877 affects Oracle MySQL Cluster (subcomponent: Cluster: ndbcluster/plugin). Affected are MySQL Cluster versions 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier, and 7.5.5 and earlier. The vulnerability allows a low-privilege attacker who can log on to the infrastructure wher...
CVE-2017-3323
CVE-2017-3323 affects Oracle MySQL Cluster (Cluster: General) with affected 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier. The vulnerability is described as a difficult-to-exploit, unauthenticated remote issue over multiple protocols that can lead to a partial denial of service in My...
CVE-2025-53023
CVE-2025-53023 is a MySQL Server vulnerability in the replication component. Affected are MySQL 8.0.0–8.0.42. The issue allows a high-privileged attacker with network access via multiple protocols to cause a hang or a frequent crash (DOS) of MySQL Server. The CVSS v3.1 base score is 4.9 (Availabi...
CVE-2026-21936
CVE-2026-21936 affects Oracle MySQL Server, specifically the InnoDB component. Affected versions are MySQL 8.0.0–8.0.44, 8.4.0–8.4.7, and 9.0.0–9.5.0. The flaw enables a high-privilege attacker with network access via multiple protocols to cause a hang or a complete DOS on MySQL Server. Several c...
CVE-2026-46863
Technical details for CVE-2026-46863 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-50068
CVE-2025-50068 is applicable to Oracle MySQL Cluster (Cluster: General). Affected are MySQL Cluster versions 8.0.0–8.0.42, 8.4.0–8.4.5, and 9.0.0–9.3.0. The vulnerability is described as easily exploitable with a high-privileged attacker who can log on to the infrastructure where MySQL Cluster ru...