CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-21238 – mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024)
https://notcve.org/view.php?id=CVE-2024-21238
15 Oct 2024 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Avai... • https://www.oracle.com/security-alerts/cpuoct2024.html •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-21230 – mysql: Optimizer unspecified vulnerability (CPU Oct 2024)
https://notcve.org/view.php?id=CVE-2024-21230
15 Oct 2024 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availabilit... • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-21218 – mysql: InnoDB unspecified vulnerability (CPU Oct 2024)
https://notcve.org/view.php?id=CVE-2024-21218
15 Oct 2024 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts)... • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-21203 – mysql: FTS unspecified vulnerability (CPU Oct 2024)
https://notcve.org/view.php?id=CVE-2024-21203
15 Oct 2024 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability imp... • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-21177 – Ubuntu Security Notice USN-6934-1
https://notcve.org/view.php?id=CVE-2024-21177
16 Jul 2024 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). • https://www.oracle.com/security-alerts/cpujul2024.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21860
https://notcve.org/view.php?id=CVE-2023-21860
18 Jan 2023 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal Operations). Supported versions that are affected are 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior and 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Succes... • https://www.oracle.com/security-alerts/cpujan2023.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 33%CPEs: 9EXPL: 0CVE-2022-21550 – Oracle MySQL Cluster Data Node Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-21550
19 Jul 2022 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.36 and prior, 7.5.26 and prior, 7.6.22 and prior and and 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful att... • https://security.netapp.com/advisory/ntap-20220729-0004 •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-21519
https://notcve.org/view.php?id=CVE-2022-21519
19 Jul 2022 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 5.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20220729-0004 •
CVSS: 9.8EPSS: 30%CPEs: 8EXPL: 0CVE-2022-21490 – Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-21490
19 Apr 2022 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks... • https://security.netapp.com/advisory/ntap-20220429-0005 •
CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 1CVE-2021-44533 – nodejs: Incorrect handling of certificate subject and issuer fields
https://notcve.org/view.php?id=CVE-2021-44533
24 Feb 2022 — Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulner... • https://hackerone.com/reports/1429694 • CWE-295: Improper Certificate Validation •