18 matches found
CVE-2020-1967
CVE-2020-1967 describes a NULL pointer dereference in OpenSSL’s SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...
CVE-2021-3449
CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...
CVE-2021-3711
CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...
CVE-2021-3712
The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...
CVE-2023-21971
CVE-2023-21971 concerns Oracle MySQL Connectors, specifically the Connector/J component. Affected are 8.0.32 and earlier versions. The vulnerability, described as difficult to exploit, allows a high-privilege attacker with network access via multiple protocols to compromise MySQL Connectors. Impa...
CVE-2021-3450
CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...
CVE-2022-21824
CVE-2022-21824 is a prototype pollution vulnerability in Node.js linked to console.table properties. It affects Node.js prior to patched releases and can be triggered when user-controlled data is passed as the first parameter with a plain object containing an own property such as proto . Public a...
CVE-2022-21363
CVE-2022-21363 affects Oracle MySQL Connectors (Connector/J). Affected versions are 8.0.27 and earlier. The vulnerability allows a high-privileged attacker with network access via multiple protocols to take over MySQL Connectors. Base score 6.6 (CVSS-3.1). Exploitation details, vectors, and fixes...
CVE-2021-44531
CVE-2021-44531 affects Node.js and stems from improper handling of URI SAN types in X.509 certificate hostname verification. Older Node.js releases accepted URI SANs by default and could bypass name-constrained intermediates when PKIs aren’t defined for that SAN type; URI matching could also fail...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2021-44533
CVE-2021-44533 affects Node.js by improper handling of multi-value Relative Distinguished Names, potentially allowing bypass of certificate subject verification. Affected are Node.js versions < 12.22.9, < 14.18.3, < 16.13.2, and
CVE-2021-44532
CVE-2021-44532 affects Node.js where SAN handling converts Subject Alternative Names to a string to validate hostnames. The vulnerability allows bypass of certificate name constraints when present in a certificate chain. Affected versions include Node.js <12.22.9, <14.18.3, <16.13.2, and
CVE-2021-2471
CVE-2021-2471 affects Oracle MySQL Connectors (Connector/J) up to and including 8.0.26. The root cause is an XXE vulnerability in MySQL Connector/J where unsafe XML parsing (DOMSource path via DocumentBuilder) can be triggered by crafted XML input, enabling an attacker with network access via mul...
CVE-2019-2435
CVE-2019-2435 affects Oracle MySQL Connectors (Connector/Python). Affected: MySQL Connectors 8.0.13 and earlier, and 2.1.8 and earlier. Attack requires network access via TLS and user interaction; can lead to unauthorized data access or modification within MySQL Connectors. Some connected advisor...
CVE-2025-30706
CVE-2025-30706 — Oracle MySQL Connectors (Connector/J) is a vulnerability affecting MySQL Connector/J in Oracle MySQL, with affected versions 9.0.0–9.2.0. The issue allows a low-privilege, network-based attacker to take over the Connector/J component through multiple protocols. It is rated CVSS 3...
CVE-2017-3586
CVE-2017-3586 affects Oracle MySQL Connector/J (MySQL Connectors). A vulnerability in Connector/J impacts versions 5.1.41 and earlier, where a low-privilege, network-based attacker can compromise the connector via multiple protocols, potentially allowing unauthorized update/insert/delete and read...
CVE-2025-30714
CVE-2025-30714 affects Oracle MySQL Connectors (Connector/Python) for MySQL, specifically the Connector/Python component in MySQL Connectors versions 9.0.0–9.2.0. The vulnerability arises from a flaw in the Connector/Python implementation that could allow a low-privilege, network-located attacker...
CVE-2024-21262
CVE-2024-21262 (MySQL Connectors, Connector/ODBC) Vulnerability in Oracle MySQL Connectors (Connector/ODBC) affecting 9.0.0 and earlier. Unauthenticated attacker with network access via multiple protocols can compromise MySQL Connectors, potentially causing unauthorized updates/inserts/deletes to...