CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21531 – mysql: InnoDB unspecified vulnerability (CPU Jan 2025)
https://notcve.org/view.php?id=CVE-2025-21531
21 Jan 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts)... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21530
https://notcve.org/view.php?id=CVE-2025-21530
21 Jan 2025 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21529 – mysql: Information Schema unspecified vulnerability (CPU Jan 2025)
https://notcve.org/view.php?id=CVE-2025-21529
21 Jan 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (A... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21528
https://notcve.org/view.php?id=CVE-2025-21528
21 Jan 2025 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 and 23.12.1.0-23.12.10.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than th... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21527
https://notcve.org/view.php?id=CVE-2025-21527
21 Jan 2025 — Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21526
https://notcve.org/view.php?id=CVE-2025-21526
21 Jan 2025 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 and 23.12.1.0-23.12.10.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21525 – mysql: DDL unspecified vulnerability (CPU Jan 2025)
https://notcve.org/view.php?id=CVE-2025-21525
21 Jan 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability imp... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21524
https://notcve.org/view.php?id=CVE-2025-21524
21 Jan 2025 — Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21523 – mysql: InnoDB unspecified vulnerability (CPU Jan 2025)
https://notcve.org/view.php?id=CVE-2025-21523
21 Jan 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts)... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21522 – mysql: Parser unspecified vulnerability (CPU Jan 2025)
https://notcve.org/view.php?id=CVE-2025-21522
21 Jan 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability i... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-770: Allocation of Resources Without Limits or Throttling •