CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2022-21437 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
https://notcve.org/view.php?id=CVE-2022-21437
19 Apr 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20220429-0005 •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-21436 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
https://notcve.org/view.php?id=CVE-2022-21436
19 Apr 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20220429-0005 •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-21435 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
https://notcve.org/view.php?id=CVE-2022-21435
19 Apr 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20220429-0005 •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-21423 – mysql: InnoDB unspecified vulnerability (CPU Apr 2022)
https://notcve.org/view.php?id=CVE-2022-21423
19 Apr 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). • https://security.netapp.com/advisory/ntap-20220429-0005 •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-21418 – mysql: InnoDB unspecified vulnerability (CPU Apr 2022)
https://notcve.org/view.php?id=CVE-2022-21418
19 Apr 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server ac... • https://security.netapp.com/advisory/ntap-20220429-0005 •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-21415 – mysql: Server: Replication unspecified vulnerability (CPU Apr 2022)
https://notcve.org/view.php?id=CVE-2022-21415
19 Apr 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20220429-0005 •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-21414 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022)
https://notcve.org/view.php?id=CVE-2022-21414
19 Apr 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20220429-0005 •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2022-21413 – mysql: Server: DML unspecified vulnerability (CPU Apr 2022)
https://notcve.org/view.php?id=CVE-2022-21413
19 Apr 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20220429-0005 •
CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 1CVE-2021-44533 – nodejs: Incorrect handling of certificate subject and issuer fields
https://notcve.org/view.php?id=CVE-2021-44533
24 Feb 2022 — Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulner... • https://hackerone.com/reports/1429694 • CWE-295: Improper Certificate Validation •
CVSS: 7.4EPSS: 0%CPEs: 16EXPL: 1CVE-2021-44532 – nodejs: Certificate Verification Bypass via String Injection
https://notcve.org/view.php?id=CVE-2021-44532
24 Feb 2022 — Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This beha... • https://hackerone.com/reports/1429694 • CWE-295: Improper Certificate Validation CWE-296: Improper Following of a Certificate's Chain of Trust •