Skip to main content

Mysql Server

215 CVEs product

Monthly

CVE-2021-2412 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-2410 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-2402 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-2399 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2021-2390 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Integer Overflow Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
5.9
EPSS
4.3%
CVE-2021-2389 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
5.9
EPSS
8.2%
CVE-2021-2387 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2021-2385 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server Fedora Oncommand Insight +2
NVD
CVSS 3.1
5.0
EPSS
1.9%
CVE-2021-2384 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2021-2383 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2374 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.1). No vendor patch available.

Oracle Authentication Bypass Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.1
EPSS
0.5%
CVE-2021-2372 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.4
EPSS
3.0%
CVE-2021-2370 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.5%
CVE-2021-2367 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2342 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server Fedora Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-22901 HIGH POC PATCH THREAT This Week

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free OpenSSL Memory Corruption RCE Curl +25
NVD GitHub
CVSS 3.1
8.1
EPSS
60.1%
CVE-2021-22898 LOW POC PATCH Monitor

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Debian Linux Fedora Communications Cloud Native Core Binding Support Function +8
NVD GitHub
CVSS 3.1
3.1
EPSS
0.1%
CVE-2021-22897 MEDIUM POC PATCH This Month

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Function Cloud Native Environment Communications Cloud Native Core Network Repository Function +18
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-3450 Cargo HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd Santricity Smi S Provider Firmware Storagegrid Firmware +29
NVD
CVSS 3.1
7.4
EPSS
18.3%
CVE-2021-3449 Cargo MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd +103
NVD
CVSS 3.1
5.9
EPSS
62.9%
CVE-2021-21351 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.1
EPSS
82.1%
CVE-2021-21348 Maven HIGH PATCH This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Oncommand Insight Activemq Jmeter +13
NVD GitHub
CVSS 3.1
7.5
EPSS
13.8%
CVE-2021-21344 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
76.0%
CVE-2021-23841 Cargo MEDIUM PATCH This Month

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Nessus Network Monitor +20
NVD
CVSS 3.1
5.9
EPSS
7.5%
CVE-2021-23840 Cargo HIGH PATCH This Week

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

OpenSSL Integer Overflow Denial Of Service Debian Linux Log Correlation Engine +18
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-1971 MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference Debian Linux Fedora +41
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2020-28196 HIGH PATCH This Week

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kerberos 5 Fedora Active Iq Unified Manager Cloud Backup +7
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2019-10219 Maven MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-2897 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Business Intelligence Enterprise Manager Base Platform Mysql Server
NVD
CVSS 3.1
6.4
EPSS
0.9%
CVE-2019-5482 CRITICAL PATCH Act Now

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Curl Fedora Leap +14
NVD VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2019-5481 CRITICAL PATCH Act Now

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Fedora Cloud Backup Steelstore +8
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-5443 HIGH PATCH This Week

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine"). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection OpenSSL RCE Curl Enterprise Manager Ops Center +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-5436 HIGH POC PATCH THREAT Act Now

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Heap Overflow Buffer Overflow RCE Libcurl Leap +9
NVD VulDB
CVSS 3.1
7.8
EPSS
13.3%
CVE-2019-3822 CRITICAL POC PATCH THREAT Act Now

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Libcurl Ubuntu Linux Debian Linux +13
NVD
CVSS 3.1
9.8
EPSS
12.8%
CVE-2012-1696 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Mysql Community Server Mysql Server +1
NVD
CVSS 2.0
4.0
EPSS
0.7%
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 4% CVSS 5.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Integer Overflow Oracle +2
NVD
EPSS 8% CVSS 5.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Mysql Server +6
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server +4
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +2
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +2
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.1). No vendor patch available.

Oracle Authentication Bypass Mysql Server +2
NVD
EPSS 3% CVSS 4.4
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server +6
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +2
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server +2
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server +4
NVD
EPSS 60% CVSS 8.1
HIGH POC PATCH THREAT This Week

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free OpenSSL Memory Corruption +27
NVD GitHub
EPSS 0% CVSS 3.1
LOW POC PATCH Monitor

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Debian Linux +10
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Communications Cloud Native Core Binding Support Function +20
NVD GitHub VulDB
EPSS 18% CVSS 7.4
HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd +31
NVD
EPSS 63% CVSS 5.9
MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +105
NVD
EPSS 82% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 14% CVSS 7.5
HIGH PATCH This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Oncommand Insight +15
NVD GitHub
EPSS 76% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +22
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

OpenSSL Integer Overflow Denial Of Service +20
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference +43
NVD VulDB
EPSS 4% CVSS 7.5
HIGH PATCH This Week

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kerberos 5 Fedora +9
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse +186
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Business Intelligence +2
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Curl +16
NVD VulDB
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Fedora +10
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine"). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection OpenSSL RCE +9
NVD
EPSS 13% CVSS 7.8
HIGH POC PATCH THREAT Act Now

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Heap Overflow Buffer Overflow RCE +11
NVD VulDB
EPSS 13% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Libcurl +15
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +3
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy