Skip to main content

Oncommand Insight

802 CVEs product

Monthly

CVE-2021-35565 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.9%
CVE-2021-35564 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
5.2%
CVE-2021-35561 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.5%
CVE-2021-35560 HIGH PATCH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Java Openjdk E Series Santricity Os Controller +4
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2021-35559 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
14.8%
CVE-2021-35556 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-35550 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Graalvm Openjdk +11
NVD
CVSS 3.1
5.9
EPSS
6.9%
CVE-2021-35546 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-35537 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2021-2481 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2021-2479 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2478 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
4.9
EPSS
3.4%
CVE-2021-37137 Maven HIGH PATCH This Week

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Netty Banking Apis Banking Digital Experience Commerce Guided Search +8
NVD GitHub
CVSS 3.1
7.5
EPSS
6.3%
CVE-2021-37136 Maven HIGH PATCH This Week

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Netty Quarkus Banking Apis Banking Digital Experience +15
NVD GitHub
CVSS 3.1
7.5
EPSS
5.7%
CVE-2021-29745 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29679 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

IBM RCE Code Injection Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-22946 HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux Fedora Cloud Backup +25
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-3711 Cargo CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux Active Iq Unified Manager Clustered Data Ontap +27
NVD
CVSS 3.1
9.8
EPSS
87.8%
CVE-2021-22931 CRITICAL POC PATCH THREAT Act Now

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Node.js Node Js Active Iq Unified Manager +8
NVD
CVSS 3.1
9.8
EPSS
22.0%
CVE-2021-22926 HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl Active Iq Unified Manager Clustered Data Ontap +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-36222 HIGH PATCH This Week

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Kerberos 5 Debian Linux Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
7.5
EPSS
10.3%
CVE-2021-2444 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-2441 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2021-2440 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2021-2437 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2021-2429 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
5.9
EPSS
41.5%
CVE-2021-2427 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2021-2426 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-2425 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-2424 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-2422 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-2418 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2021-2417 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
6.0
EPSS
1.7%
CVE-2021-2412 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-2411 LOW Monitor

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Mysql Cluster Oncommand Insight
NVD
CVSS 3.1
3.7
EPSS
1.7%
CVE-2021-2410 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-2402 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-2399 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2021-2390 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Integer Overflow Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
5.9
EPSS
4.3%
CVE-2021-2389 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
5.9
EPSS
8.2%
CVE-2021-2387 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2021-2385 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server Fedora Oncommand Insight +2
NVD
CVSS 3.1
5.0
EPSS
1.9%
CVE-2021-2384 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2021-2383 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2374 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.1). No vendor patch available.

Oracle Authentication Bypass Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.1
EPSS
0.5%
CVE-2021-2372 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.4
EPSS
3.0%
CVE-2021-2370 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.5%
CVE-2021-2367 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2357 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2356 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL Oncommand Insight Fedora
NVD
CVSS 3.1
5.9
EPSS
1.9%
CVE-2021-2354 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.8%
CVE-2021-2352 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.8%
CVE-2021-2342 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server Fedora Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2340 LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Fedora Oncommand Insight +2
NVD
CVSS 3.1
2.7
EPSS
2.3%
CVE-2021-2339 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.4%
CVE-2021-36090 Maven HIGH PATCH This Week

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Banking Apis Banking Digital Experience Banking Enterprise Default Management +30
NVD
CVSS 3.1
7.5
EPSS
12.9%
CVE-2021-35517 Maven HIGH PATCH This Week

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Apis +23
NVD
CVSS 3.1
7.5
EPSS
10.6%
CVE-2021-35516 Maven HIGH PATCH This Week

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Digital Experience +20
NVD
CVSS 3.1
7.5
EPSS
12.4%
CVE-2021-35515 Maven HIGH PATCH This Week

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Digital Experience +22
NVD
CVSS 3.1
7.5
EPSS
11.6%
CVE-2021-20461 MEDIUM This Month

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-22901 HIGH POC PATCH THREAT This Week

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free OpenSSL Memory Corruption RCE Curl +25
NVD GitHub
CVSS 3.1
8.1
EPSS
60.1%
CVE-2021-20293 Maven MEDIUM This Month

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Resteasy Oncommand Insight
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-3517 Ruby HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 Jboss Core Services Enterprise Linux +25
NVD
CVSS 3.1
8.6
EPSS
8.3%
CVE-2021-29489 npm MEDIUM PATCH This Month

Highcharts JS is a JavaScript charting library based on SVG. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Highcharts Cloud Backup Oncommand Insight Oncommand Workflow Automation +1
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-2308 LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
2.7
EPSS
1.0%
CVE-2021-2307 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-2305 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-2304 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-2301 LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
2.7
EPSS
1.0%
CVE-2021-2300 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-2299 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-2298 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-2293 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2021-2278 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2021-2232 LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
1.9
EPSS
0.4%
CVE-2021-2230 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2021-2226 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2021-2217 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2021-2215 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2021-2213 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2021-2212 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2021-2208 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2021-2203 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2021-2202 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-2201 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2021-2196 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2021-2194 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Fedora Active Iq Unified Manager +4
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2021-2193 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-2180 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.8%
CVE-2021-2179 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
2.0%
EPSS 7% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 5% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java +14
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Java +6
NVD
EPSS 15% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle Java +14
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +14
NVD
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +13
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +3
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +2
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +3
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +3
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +3
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Netty Banking Apis +10
NVD GitHub
EPSS 6% CVSS 7.5
HIGH PATCH This Week

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Netty Quarkus +17
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Cognos Analytics +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

IBM RCE Code Injection +2
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux +27
NVD
EPSS 88% CVSS 9.8
CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux +29
NVD
EPSS 22% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Node.js +10
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl +18
NVD VulDB
EPSS 10% CVSS 7.5
HIGH PATCH This Week

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Kerberos 5 +6
NVD GitHub
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 41% CVSS 5.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 6.0
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Mysql Cluster +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 4% CVSS 5.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Integer Overflow Oracle +2
NVD
EPSS 8% CVSS 5.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Mysql Server +6
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +1
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server +4
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +2
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +2
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.1). No vendor patch available.

Oracle Authentication Bypass Mysql Server +2
NVD
EPSS 3% CVSS 4.4
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server +6
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +2
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server +2
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +2
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL +2
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +2
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +2
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server +4
NVD
EPSS 2% CVSS 2.7
LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +4
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +2
NVD
EPSS 13% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Banking Apis +32
NVD
EPSS 11% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager +25
NVD
EPSS 12% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager +22
NVD
EPSS 12% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager +24
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Analytics +1
NVD
EPSS 60% CVSS 8.1
HIGH POC PATCH THREAT This Week

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free OpenSSL Memory Corruption +27
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Resteasy Oncommand Insight
NVD
EPSS 8% CVSS 8.6
HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 +27
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Highcharts JS is a JavaScript charting library based on SVG. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Highcharts Cloud Backup +3
NVD GitHub
EPSS 1% CVSS 2.7
LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass MySQL +4
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 2.7
LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 0% CVSS 1.9
LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +5
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +5
NVD
Prev Page 4 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy