CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-35613 – Ubuntu Security Notice USN-5123-1
https://notcve.org/view.php?id=CVE-2021-35613
20 Oct 2021 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 3.7 (Availability impacts). • https://security.netapp.com/advisory/ntap-20211022-0003 •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2021-35598 – Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35598
20 Oct 2021 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks... • https://security.netapp.com/advisory/ntap-20211022-0003 • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2021-35594 – Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35594
20 Oct 2021 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks... • https://security.netapp.com/advisory/ntap-20211022-0003 • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-35593 – Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35593
20 Oct 2021 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks... • https://security.netapp.com/advisory/ntap-20211022-0003 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2021-35592 – Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35592
20 Oct 2021 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerabi... • https://security.netapp.com/advisory/ntap-20211022-0003 • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-35590 – Oracle MySQL Cluster Management API Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35590
20 Oct 2021 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks... • https://security.netapp.com/advisory/ntap-20211022-0003 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-35584
https://notcve.org/view.php?id=CVE-2021-35584
20 Oct 2021 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: ndbcluster/plugin DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.3 (Availability impacts). • https://security.netapp.com/advisory/ntap-20211022-0003 •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 1CVE-2021-22939 – nodejs: Incomplete validation of tls rejectUnauthorized parameter
https://notcve.org/view.php?id=CVE-2021-22939
16 Aug 2021 — If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. Si la API https de Node.js, era usada incorrectamente y se pasaba "undefined" para el parámetro "rejectUnauthorized", no fue devuelto ningún error y se aceptaban las conexiones a servidores con un certificado caducado. A flaw was found in Node.js. If the Node.js HTTPS API is used incorrectly ... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 1CVE-2021-22931 – nodejs: Improper handling of untypical characters in domain names
https://notcve.org/view.php?id=CVE-2021-22931
16 Aug 2021 — Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. Node.js versiones anteriores a 16.6.0, 14.17.4 y 12.22.4, es vulnerable a una Ejecución de Código Remota , ataques de tipo XSS, bloqueo de Aplicaciones debido a un... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-20: Improper Input Validation CWE-170: Improper Null Termination •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2411
https://notcve.org/view.php?id=CVE-2021-2411
20 Jul 2021 — Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 3.7 (Availability impacts). • https://security.netapp.com/advisory/ntap-20210723-0001 •