CVE-2021-35598 – Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35598
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. • https://security.netapp.com/advisory/ntap-20211022-0003 https://www.oracle.com/security-alerts/cpuoct2021.html https://www.zerodayinitiative.com/advisories/ZDI-21-1230 • CWE-129: Improper Validation of Array Index •
CVE-2021-35594 – Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35594
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. • https://security.netapp.com/advisory/ntap-20211022-0003 https://www.oracle.com/security-alerts/cpuoct2021.html https://www.zerodayinitiative.com/advisories/ZDI-21-1227 • CWE-129: Improper Validation of Array Index •
CVE-2021-35593 – Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35593
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. • https://security.netapp.com/advisory/ntap-20211022-0003 https://www.oracle.com/security-alerts/cpuoct2021.html https://www.zerodayinitiative.com/advisories/ZDI-21-1229 • CWE-787: Out-of-bounds Write •
CVE-2021-35590 – Oracle MySQL Cluster Management API Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35590
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. • https://security.netapp.com/advisory/ntap-20211022-0003 https://www.oracle.com/security-alerts/cpuoct2021.html https://www.zerodayinitiative.com/advisories/ZDI-21-1226 • CWE-787: Out-of-bounds Write •
CVE-2021-22931 – nodejs: Improper handling of untypical characters in domain names
https://notcve.org/view.php?id=CVE-2021-22931
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. Node.js versiones anteriores a 16.6.0, 14.17.4 y 12.22.4, es vulnerable a una Ejecución de Código Remota , ataques de tipo XSS, bloqueo de Aplicaciones debido a una falta de comprobación de entrada de los nombres de host devueltos por los Servidores de Nombres de Dominio en la librería dns de Node.js, que puede conllevar a la salida de nombres de host erróneos (conllevando al Secuestro de Dominio) y vulnerabilidades de inyección en aplicaciones que usan la librería. A flaw was found in Node.js. These vulnerabilities include remote code execution, Cross-site scripting (XSS), application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library, which can lead to the output of wrong hostnames (leading to Domain hijacking) and injection vulnerabilities in applications using the library. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1178337 https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases https://security.gentoo.org/glsa/202401-02 https://security.netapp.com/advisory/ntap-20210923-0001 https://security.netapp.com/advisory/ntap-20211022-0003 https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https: • CWE-20: Improper Input Validation CWE-170: Improper Null Termination •