Mysql Enterprise Monitor Security Vulnerabilities and Issues — Mysql Enterprise Monitor CVE List

Lucene search

OracleMysql Enterprise Monitor

11 matches found

CVE•added 2022/04/01 11:15 p.m.•2266 views

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

9.8CVSS8.7AI score0.94464EPSS

In wildWeb

CVE•added 2022/04/01 11:15 p.m.•1479 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

9.8CVSS9.5AI score0.94474EPSS

In wildWeb

CVE•added 2022/01/18 4:15 p.m.•736 views

CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configura...

8.8CVSS9.3AI score0.72202EPSS

In wild

CVE•added 2022/01/18 4:15 p.m.•646 views

CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

9CVSS9.2AI score0.00752EPSS

CVE•added 2022/01/18 4:15 p.m.•617 views

CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings int...

9.8CVSS9.4AI score0.14136EPSS

Web

CVE•added 2022/01/27 1:15 p.m.•378 views

CVE-2022-23181

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is usin...

7CVSS7.2AI score0.93247EPSS

CVE•added 2022/02/24 7:15 p.m.•276 views

CVE-2022-21824

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "proto ". The prototype pollution has...

8.2CVSS8.1AI score0.00335EPSS

CVE•added 2022/02/24 7:15 p.m.•246 views

CVE-2021-44531

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and

7.4CVSS7.5AI score0.00148EPSS

CVE•added 2022/04/14 9:15 p.m.•245 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field,...

5.3CVSS5.4AI score0.22751EPSS

CVE•added 2022/02/24 7:15 p.m.•237 views

CVE-2021-44533

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and

5.3CVSS6.3AI score0.00268EPSS

CVE•added 2022/02/24 7:15 p.m.•227 views

CVE-2021-44532

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and

5.3CVSS6.6AI score0.00097EPSS