Lucene search
+L
OracleMysql Connectors

18 matches found

cve
cve
added 2020/04/21 1:45 p.m.825 views

CVE-2020-1967

CVE-2020-1967 describes a NULL pointer dereference in OpenSSL’s SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...

7.5CVSS7.5AI score0.53336EPSS
cve
cve
added 2021/03/25 2:25 p.m.818 views

CVE-2021-3449

CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...

5.9CVSS6.7AI score0.62906EPSS
cve
cve
added 2021/08/24 2:50 p.m.766 views

CVE-2021-3711

CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...

9.8CVSS9.9AI score0.87816EPSS
cve
cve
added 2021/08/24 2:50 p.m.713 views

CVE-2021-3712

The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...

7.4CVSS8AI score0.50445EPSS
cve
cve
added 2023/04/18 7:54 p.m.576 views

CVE-2023-21971

CVE-2023-21971 concerns Oracle MySQL Connectors, specifically the Connector/J component. Affected are 8.0.32 and earlier versions. The vulnerability, described as difficult to exploit, allows a high-privilege attacker with network access via multiple protocols to compromise MySQL Connectors. Impa...

5.3CVSS5.2AI score0.01286EPSS
cve
cve
added 2021/03/25 2:25 p.m.564 views

CVE-2021-3450

CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...

7.4CVSS7.6AI score0.18339EPSS
cve
cve
added 2022/02/24 12:0 a.m.380 views

CVE-2022-21824

CVE-2022-21824 is a prototype pollution vulnerability in Node.js linked to console.table properties. It affects Node.js prior to patched releases and can be triggered when user-controlled data is passed as the first parameter with a plain object containing an own property such as proto . Public a...

8.2CVSS8.1AI score0.21514EPSS
cve
cve
added 2022/01/19 11:25 a.m.323 views

CVE-2022-21363

CVE-2022-21363 affects Oracle MySQL Connectors (Connector/J). Affected versions are 8.0.27 and earlier. The vulnerability allows a high-privileged attacker with network access via multiple protocols to take over MySQL Connectors. Base score 6.6 (CVSS-3.1). Exploitation details, vectors, and fixes...

6.6CVSS6AI score0.0132EPSS
cve
cve
added 2022/02/24 6:27 p.m.301 views

CVE-2021-44531

CVE-2021-44531 affects Node.js and stems from improper handling of URI SAN types in X.509 certificate hostname verification. Older Node.js releases accepted URI SANs by default and could bypass name-constrained intermediates when PKIs aren’t defined for that SAN type; URI matching could also fail...

7.4CVSS7.5AI score0.08373EPSS
cve
cve
added 2019/11/08 2:46 p.m.299 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
cve
cve
added 2022/02/24 6:27 p.m.270 views

CVE-2021-44533

CVE-2021-44533 affects Node.js by improper handling of multi-value Relative Distinguished Names, potentially allowing bypass of certificate subject verification. Affected are Node.js versions < 12.22.9, < 14.18.3, < 16.13.2, and

5.3CVSS6.3AI score0.09358EPSS
cve
cve
added 2022/02/24 6:27 p.m.261 views

CVE-2021-44532

CVE-2021-44532 affects Node.js where SAN handling converts Subject Alternative Names to a string to validate hostnames. The vulnerability allows bypass of certificate name constraints when present in a certificate chain. Affected versions include Node.js <12.22.9, <14.18.3, <16.13.2, and

5.3CVSS6.6AI score0.10364EPSS
cve
cve
added 2021/10/20 10:49 a.m.247 views

CVE-2021-2471

CVE-2021-2471 affects Oracle MySQL Connectors (Connector/J) up to and including 8.0.26. The root cause is an XXE vulnerability in MySQL Connector/J where unsafe XML parsing (DOMSource path via DocumentBuilder) can be triggered by crafted XML input, enabling an attacker with network access via mul...

7.9CVSS5.5AI score0.07318EPSS
Web
cve
cve
added 2019/01/16 7:0 p.m.196 views

CVE-2019-2435

CVE-2019-2435 affects Oracle MySQL Connectors (Connector/Python). Affected: MySQL Connectors 8.0.13 and earlier, and 2.1.8 and earlier. Attack requires network access via TLS and user interaction; can lead to unauthorized data access or modification within MySQL Connectors. Some connected advisor...

8.1CVSS7.4AI score0.02518EPSS
cve
cve
added 2025/04/15 8:31 p.m.121 views

CVE-2025-30706

CVE-2025-30706 — Oracle MySQL Connectors (Connector/J) is a vulnerability affecting MySQL Connector/J in Oracle MySQL, with affected versions 9.0.0–9.2.0. The issue allows a low-privilege, network-based attacker to take over the Connector/J component through multiple protocols. It is rated CVSS 3...

7.5CVSS6.9AI score0.00552EPSS
cve
cve
added 2017/04/24 7:0 p.m.114 views

CVE-2017-3586

CVE-2017-3586 affects Oracle MySQL Connector/J (MySQL Connectors). A vulnerability in Connector/J impacts versions 5.1.41 and earlier, where a low-privilege, network-based attacker can compromise the connector via multiple protocols, potentially allowing unauthorized update/insert/delete and read...

6.4CVSS5.3AI score0.01713EPSS
cve
cve
added 2025/04/15 8:31 p.m.111 views

CVE-2025-30714

CVE-2025-30714 affects Oracle MySQL Connectors (Connector/Python) for MySQL, specifically the Connector/Python component in MySQL Connectors versions 9.0.0–9.2.0. The vulnerability arises from a flaw in the Connector/Python implementation that could allow a low-privilege, network-located attacker...

4.8CVSS3.9AI score0.00386EPSS
cve
cve
added 2024/10/15 7:52 p.m.82 views

CVE-2024-21262

CVE-2024-21262 (MySQL Connectors, Connector/ODBC) Vulnerability in Oracle MySQL Connectors (Connector/ODBC) affecting 9.0.0 and earlier. Unauthenticated attacker with network access via multiple protocols can compromise MySQL Connectors, potentially causing unauthorized updates/inserts/deletes to...

6.5CVSS5.8AI score0.00547EPSS