Lucene search
+L
OracleMysql Cluster

49 matches found

CVE
CVE
added 2021/08/16 12:0 a.m.451 views

CVE-2021-22931

CVE-2021-22931 concerns Node.js DNS hostname handling. Public docs indicate vulnerability due to missing input validation of host names returned by DNS, which can cause domain hijacking and enable injection in applications using the DNS library. Affected software includes Node.js releases prior t...

9.8CVSS9.9AI score0.21952EPSS
CVE
CVE
added 2020/07/24 9:45 p.m.405 views

CVE-2020-8174

CVE-2020-8174 is a Node.js vulnerability where napi_get_value_string_*() can trigger memory corruption in affected releases. Affected are Node.js runtimes prior to 10.21.0, 12.18.0, and prior to 14.4.0. Documented mitigations/include patches update Node.js to 10.21.0, 12.18.2, and 14.4.0 respecti...

9.3CVSS8.1AI score0.07646EPSS
CVE
CVE
added 2020/11/19 12:32 a.m.391 views

CVE-2020-8277

CVE-2020-8277 centers on a DoS due to DNS resolution behavior in Node.js (triggering requests that cause many DNS responses). Public details in the initial CVE describe the impact and fixed versions: Node.js releases 15.2.1, 14.15.1, and 12.19.1 address the issue. Connected documents show affecte...

7.5CVSS7.3AI score0.54164EPSS
CVE
CVE
added 2022/02/24 12:0 a.m.380 views

CVE-2022-21824

CVE-2022-21824 is a prototype pollution vulnerability in Node.js linked to console.table properties. It affects Node.js prior to patched releases and can be triggered when user-controlled data is passed as the first parameter with a plain object containing an own property such as proto . Public a...

8.2CVSS8.1AI score0.21514EPSS
CVE
CVE
added 2021/03/03 5:37 p.m.346 views

CVE-2021-22884

CVE-2021-22884 affects Node.js runtimes prior to 10.24.0, 12.21.0, 14.16.0 and 15.10.0, where the DNS rebinding protection can be bypassed due to a whitelist entry for “localhost6”. If an attacker controls or spoofs the victim’s DNS responses, they can exploit the DNS rebinding weakness to connec...

7.5CVSS7.5AI score0.32362EPSS
CVE
CVE
added 2021/03/03 5:38 p.m.342 views

CVE-2021-22883

Node.js versions prior to 10.24.0, 12.21.0, 14.16.0, and 15.10.0 are vulnerable to a denial-of-service from excessive unknownProtocol connection attempts, causing file descriptor leaks and potential memory exhaustion. Affected releases can be mitigated by upgrading to patched releases (e.g., Node...

7.8CVSS7.4AI score0.77385EPSS
CVE
CVE
added 2024/07/16 10:40 p.m.330 views

CVE-2024-21177

CVE-2024-21177 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.37 and earlier, 8.4.0 and earlier. Issue: low-privileged attacker with network access via multiple protocols can cause a hang or frequent crash (DoS). CVSS: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Remediation/p...

6.5CVSS6.4AI score0.0076EPSS
CVE
CVE
added 2021/08/16 12:0 a.m.329 views

CVE-2021-22939

CVE-2021-22939 affects Node.js HTTPS usage where passing undefined for rejectUnauthorized may bypass certificate validation, allowing connections to servers with expired certificates. Root cause: incomplete validation of the tls rejectUnauthorized parameter. Affected ranges vary by release stream...

5.3CVSS7.4AI score0.1473EPSS
CVE
CVE
added 2022/02/24 6:27 p.m.301 views

CVE-2021-44531

CVE-2021-44531 affects Node.js and stems from improper handling of URI SAN types in X.509 certificate hostname verification. Older Node.js releases accepted URI SANs by default and could bypass name-constrained intermediates when PKIs aren’t defined for that SAN type; URI matching could also fail...

7.4CVSS7.5AI score0.08373EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.299 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2025/01/21 8:53 p.m.295 views

CVE-2025-21543

CVE-2025-21543 affects Oracle MySQL Server (component: Server: Packaging). Affects MySQL 8.0.40 and earlier, 8.4.3 and earlier, and 9.1.0 and earlier. An attacker with high privileges who can reach the server over the network via multiple protocols can cause the server to hang or crash (complete ...

4.9CVSS4.4AI score0.00833EPSS
CVE
CVE
added 2022/02/24 6:27 p.m.270 views

CVE-2021-44533

CVE-2021-44533 affects Node.js by improper handling of multi-value Relative Distinguished Names, potentially allowing bypass of certificate subject verification. Affected are Node.js versions < 12.22.9, < 14.18.3, < 16.13.2, and

5.3CVSS6.3AI score0.09358EPSS
CVE
CVE
added 2022/02/24 6:27 p.m.261 views

CVE-2021-44532

CVE-2021-44532 affects Node.js where SAN handling converts Subject Alternative Names to a string to validate hostnames. The vulnerability allows bypass of certificate name constraints when present in a certificate chain. Affected versions include Node.js <12.22.9, <14.18.3, <16.13.2, and

5.3CVSS6.6AI score0.10364EPSS
CVE
CVE
added 2020/06/08 1:8 p.m.214 views

CVE-2020-8172

CVE-2020-8172 affects Node.js TLS session reuse that can bypass host certificate verification in Node.js versions prior to 12.18.0 and 14.4.0. Connected advisories confirm the issue and indicate remediation via upgrading Node.js to patched releases. The ALSA advisory notes the security fix upgrad...

7.4CVSS7.4AI score0.06065EPSS
CVE
CVE
added 2025/04/15 8:31 p.m.208 views

CVE-2025-30722

The CVE-2025-30722 entry concerns Oracle MySQL’s MySQL Client (Client: mysqldump). Affected versions are 8.0.0–8.0.41, 8.4.0–8.4.4 and 9.0.0–9.2.0. The vulnerability is described as difficult to exploit but allows a low-privileged, network-accessing attacker to compromise MySQL Client, potentiall...

6.8CVSS4.8AI score0.00431EPSS
CVE
CVE
added 2025/04/15 8:30 p.m.202 views

CVE-2025-30681

CVE-2025-30681 is a MySQL Server vulnerability in the replication component. Oracle MySQL lists affected versions as 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. It is described as easily exploitable via network access through multiple protocols, with a high-privilege attacker capable of compromis...

2.7CVSS2.3AI score0.00665EPSS
CVE
CVE
added 2018/03/16 1:0 p.m.144 views

CVE-2018-1324

CVE-2018-1324 : Apache Commons Compress multiple advisories describe an infinite‑loop DoS in the Zip extra field parser used by ZipFile/ZipArchiveInputStream (versions 1.11–1.15). A specially crafted ZIP can cause an infinite loop, impacting services that use the library. Public docs confirm this...

5.5CVSS5.3AI score0.03681EPSS
CVE
CVE
added 2025/01/21 8:53 p.m.141 views

CVE-2025-21518

CVE-2025-21518 affects Oracle MySQL Server, specifically the Server: Optimizer component (also listed with related Oracle MySQL Server entries). Affected versions are 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior. The vulnerability is exploitable by a low-privilege, network-accessing att...

6.5CVSS5.9AI score0.01034EPSS
CVE
CVE
added 2025/04/15 8:31 p.m.119 views

CVE-2025-30693

CVE-2025-30693 affects Oracle MySQL Server (InnoDB) with vulnerable versions: 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. The issue allows a high-privilege attacker with network access over multiple protocols to cause a hang or a complete DoS (frequently-repeating crash) and may enable unauthoriz...

5.5CVSS5AI score0.00869EPSS
CVE
CVE
added 2022/04/19 8:38 p.m.116 views

CVE-2022-21490

CVE-2022-21490 affects Oracle MySQL Cluster (Cluster: General) with affected versions 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior, and 8.0.28 and prior. The issue enables a high-privilege attacker with access to the hardware’s physical communication segment to takeover the MySQL Cluster;...

6.3CVSS5.6AI score0.78666EPSS
CVE
CVE
added 2025/01/21 8:53 p.m.112 views

CVE-2025-21520

CVE-2025-21520 affects Oracle MySQL Server (component: Server: Options). Affected versions: 8.0.40 and earlier, 8.4.3 and earlier, 9.1.0 and earlier. The description states a high-privilege attacker with logon and user interaction can compromise the server and gain unauthorized read access to a s...

1.8CVSS1.4AI score0.00295EPSS
CVE
CVE
added 2025/04/15 8:30 p.m.110 views

CVE-2025-21574

CVE-2025-21574 affects Oracle MySQL Server (Server: Parser) across 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0, allowing a low-privilege, network-based attacker to cause a hang or crash (DoS). Connected sources confirm the parser component as the vulnerable element and note an exploitation demonst...

6.5CVSS5.9AI score0.00908EPSS
CVE
CVE
added 2025/01/21 8:53 p.m.105 views

CVE-2025-21531

CVE-2025-21531 affects Oracle MySQL Server InnoDB. Affected: 8.0.40 and prior, 8.4.3 and prior, 9.1.0 and prior. An attacker with network access via multiple protocols can cause a hang or complete DOS of MySQL Server. CVSS v3.1 base 4.9 (Availability). The provided docs do not specify a fixed pat...

4.9CVSS4.4AI score0.00985EPSS
CVE
CVE
added 2025/04/15 8:30 p.m.102 views

CVE-2025-21575

CVE-2025-21575 concerns Oracle MySQL Server (Parser component). Affected: MySQL 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. The vulnerability is exploitable over the network by a low-privilege attacker via multiple protocols and can cause the MySQL Server to hang or crash (denial of service). No ...

6.5CVSS6.2AI score0.00789EPSS
CVE
CVE
added 2022/07/19 9:7 p.m.100 views

CVE-2022-21550

CVE-2022-21550 affects Oracle MySQL Cluster (Cluster: General). Affected versions include 7.4.36 and prior, 7.5.26 and prior, 7.6.22 and prior, and 8.0.29 and prior. Exploitation requires high-privilege access via the physical communication segment and user interaction; outcomes can include takeo...

6.3CVSS5.7AI score0.50698EPSS
CVE
CVE
added 2022/07/19 9:6 p.m.96 views

CVE-2022-21519

CVE-2022-21519 : Oracle MySQL Cluster (component: Cluster: General) is affected for versions 8.0.29 and earlier. An unauthenticated attacker with network access via multiple protocols can cause a hang or frequent crash (complete DOS). CVSS v3.1 base score 5.9 (Availability, HIGH). References and ...

5.9CVSS5.3AI score0.01303EPSS
CVE
CVE
added 2023/01/18 12:15 a.m.94 views

CVE-2023-21860

CVE-2023-21860 affects Oracle MySQL Cluster, specifically the Cluster: Internal Operations component. Connected sources confirm insufficient input validation in this component allows a high-privilege attacker with access to the physical network segment to compromise the MySQL Cluster, with exploi...

6.3CVSS5.7AI score0.00605EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.84 views

CVE-2021-35598

CVE-2021-35598 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, 8.0.26 and prior. The vulnerability allows a highly privileged attacker with access to the hardware’s physical communication segment to take over the MySQL Clus...

6.3CVSS5.6AI score0.50034EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.84 views

CVE-2021-35621

CVE-2021-35621 affects Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster releases 7.4.33 and earlier, 7.5.23 and earlier, 7.6.19 and earlier, 8.0.26 and earlier. Root cause: a vulnerability in the Cluster: General component could let a highly privileged attacker, with access to the...

6.3CVSS5.7AI score0.46751EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.78 views

CVE-2020-14853

CVE-2020-14853 (MySQL Cluster, NDBCluster Plugin) is confirmed in multiple connected sources as a vulnerability affecting Oracle MySQL’s MySQL Cluster with affected versions 8.0.21 and earlier. The flaw can be exploited by a low-privilege, network-accessible attacker via multiple protocols. Succe...

4.9CVSS4.4AI score0.00945EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.77 views

CVE-2021-35590

CVE-2021-35590 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, 8.0.26 and prior. Root cause: input validation error in MySQL Cluster. Impact: high-privilege attacker with access to the hardware communication segment can tak...

6.5CVSS5.6AI score0.88497EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.74 views

CVE-2021-35584

CVE-2021-35584 affects Oracle MySQL Cluster (Cluster: ndbcluster/plugin DDL). Affected: MySQL Cluster 8.0.26 and prior. The vulnerability is described as easily exploitable with network access from multiple protocols by a low-privilege attacker, potentially causing partial denial of service to My...

4.3CVSS3.9AI score0.00978EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.74 views

CVE-2021-35613

CVE-2021-35613 affects Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster 8.0.26 and earlier. An unauthenticated attacker with network access via multiple protocols can compromise MySQL Cluster, resulting in a partial denial of service. The initial description provides CVSS details ...

4.3CVSS3.7AI score0.01497EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.73 views

CVE-2021-2411

CVE-2021-2411 affects Oracle MySQL Cluster (Cluster: JS module) with affected versions 8.0.25 and earlier. The vulnerability is exploitable by an unauthenticated attacker over network via multiple protocols, leading to partial denial of service of MySQL Cluster. The connected sources confirm the ...

4.3CVSS3.9AI score0.01659EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.72 views

CVE-2021-35592

CVE-2021-35592 concerns Oracle MySQL Cluster (Cluster: General). Affected: MySQL Cluster versions 7.5.23 and prior, 7.6.19 and prior, and 8.0.26 and prior. Root cause: vulnerability in the Cluster: General component that enables a high privileged attacker with access to the hardware’s physical co...

6.3CVSS5.6AI score0.5139EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.71 views

CVE-2021-35593

CVE-2021-35593 corresponds to a vulnerability in Oracle MySQL Cluster (Cluster: General). Affected versions are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, and 8.0.26 and prior. The issue is described as difficult to exploit, requiring high-privilege access in the physical network segme...

6.3CVSS5.6AI score0.50034EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.70 views

CVE-2021-35594

CVE-2021-35594 affects Oracle MySQL Cluster (Cluster: General). Affected versions: 7.4.33 and earlier, 7.5.23 and earlier, 7.6.19 and earlier, and 8.0.26 and earlier. Root cause per description: a vulnerability that is difficult to exploit, exploitable by a highly privileged attacker with access ...

6.3CVSS5.6AI score0.50034EPSS
CVE
CVE
added 2021/10/20 10:50 a.m.69 views

CVE-2021-35618

CVE-2021-35618 affects Oracle MySQL Cluster (Cluster: General) with affected versions 8.0.26 and earlier. The vulnerability in the Cluster General component can permit a highly privileged attacker with physical access to the hardware communication segment to cause partial DoS on MySQL Cluster; ex...

1.8CVSS2AI score0.00655EPSS
CVE
CVE
added 2017/01/27 10:1 p.m.66 views

CVE-2017-3321

CVE-2017-3321 affects Oracle MySQL Cluster’s Cluster: General subcomponent. Affected versions are 7.2.19 and earlier, 7.3.8 and earlier, and 7.4.5 and earlier. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster, leading to a...

4.3CVSS2.8AI score0.0182EPSS
CVE
CVE
added 2017/01/27 10:1 p.m.65 views

CVE-2016-5541

CVE-2016-5541 affects Oracle MySQL Cluster (Cluster: NDBAPI). Affected are MySQL Cluster versions 7.2.26 and earlier, 7.3.14 and earlier, and 7.4.12 and earlier. The issue allows an unauthenticated, network-accessing attacker to manipulate data or cause a partial denial of service via multiple pr...

5.8CVSS4AI score0.04983EPSS
CVE
CVE
added 2025/04/15 8:31 p.m.65 views

CVE-2025-30710

CVE-2025-30710 detail (Oracle MySQL Cluster/NDBCluster Plugin): A vulnerability in MySQL Cluster (NDBCluster Plugin) affects Oracle MySQL Cluster versions 8.0.0–8.0.41, 8.4.0–8.4.4, and 9.0.0–9.2.0. The issue allows a high-privilege attacker with network access via multiple protocols to cause a h...

4.9CVSS4.4AI score0.00555EPSS
CVE
CVE
added 2017/01/27 10:1 p.m.60 views

CVE-2017-3322

The CVE-2017-3322 entry applies to Oracle MySQL Cluster (Cluster: NDBAPI). Affected: MySQL Cluster component versions 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier. Issue: a vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise MySQ...

4.3CVSS3.2AI score0.01561EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.58 views

CVE-2017-3304

CVE-2017-3304 concerns the MySQL Cluster DD subcomponent in Oracle MySQL. The vulnerability affects listed 7.2.x/7.3.x/7.4.x/7.5.x releases (7.2.27, 7.3.16, 7.4.14, 7.5.5 and earlier). An attacker with low privileges who can access the service over a network and using multiple protocols can poten...

5.5CVSS4.2AI score0.01404EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.57 views

CVE-2018-2877

CVE-2018-2877 affects Oracle MySQL Cluster (subcomponent: Cluster: ndbcluster/plugin). Affected are MySQL Cluster versions 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier, and 7.5.5 and earlier. The vulnerability allows a low-privilege attacker who can log on to the infrastructure wher...

5CVSS5AI score0.0047EPSS
CVE
CVE
added 2017/01/27 10:1 p.m.56 views

CVE-2017-3323

CVE-2017-3323 affects Oracle MySQL Cluster (Cluster: General) with affected 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier. The vulnerability is described as a difficult-to-exploit, unauthenticated remote issue over multiple protocols that can lead to a partial denial of service in My...

4.3CVSS3.2AI score0.01561EPSS
CVE
CVE
added 2025/07/15 7:27 p.m.56 views

CVE-2025-53023

CVE-2025-53023 is a MySQL Server vulnerability in the replication component. Affected are MySQL 8.0.0–8.0.42. The issue allows a high-privileged attacker with network access via multiple protocols to cause a hang or a frequent crash (DOS) of MySQL Server. The CVSS v3.1 base score is 4.9 (Availabi...

4.9CVSS5.9AI score0.00485EPSS
CVE
CVE
added 2026/01/20 9:56 p.m.41 views

CVE-2026-21936

CVE-2026-21936 affects Oracle MySQL Server, specifically the InnoDB component. Affected versions are MySQL 8.0.0–8.0.44, 8.4.0–8.4.7, and 9.0.0–9.5.0. The flaw enables a high-privilege attacker with network access via multiple protocols to cause a hang or a complete DOS on MySQL Server. Several c...

4.9CVSS4.9AI score0.00337EPSS
CVE
CVE
added 2026/06/16 7:27 p.m.38 views

CVE-2026-46863

Technical details for CVE-2026-46863 are not publicly available in the provided documents. Monitor for updates.

7.5CVSS4.7AI score0.00471EPSS
CVE
CVE
added 2025/07/15 7:27 p.m.33 views

CVE-2025-50068

CVE-2025-50068 is applicable to Oracle MySQL Cluster (Cluster: General). Affected are MySQL Cluster versions 8.0.0–8.0.42, 8.4.0–8.4.5, and 9.0.0–9.3.0. The vulnerability is described as easily exploitable with a high-privileged attacker who can log on to the infrastructure where MySQL Cluster ru...

6.7CVSS6.7AI score0.0017EPSS