CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2023-21920 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023)
https://notcve.org/view.php?id=CVE-2023-21920
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN https://security.netapp.com/advisory/ntap-20230427-0007 https://www.oracle.com/security-alerts/cpuapr2023.html https://access.redhat.com/security/cve/CVE-2023-21920 https:&#x •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2023-21919 – mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)
https://notcve.org/view.php?id=CVE-2023-21919
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN https://security.netapp.com/advisory/ntap-20230427-0007 https://www.oracle.com/security-alerts/cpuapr2023.html https://access.redhat.com/security/cve/CVE-2023-21919 https:&#x •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2023-21911 – mysql: InnoDB unspecified vulnerability (CPU Apr 2023)
https://notcve.org/view.php?id=CVE-2023-21911
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN https://security.netapp.com/advisory/ntap-20230427-0007 https://www.oracle.com/security-alerts/cpuapr2023.html https://access.redhat.com/security/cve/CVE-2023-21911 https:&#x •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2022-43551 – curl: HSTS bypass via IDN
https://notcve.org/view.php?id=CVE-2022-43551
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. • https://hackerone.com/reports/1755083 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230427-0007 https://access.redhat.com/security/cve/CVE-2022-43551 https://bugzilla.redhat.com/show_bug.cgi?id=2152639 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 3CVE-2022-43680 – expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
https://notcve.org/view.php?id=CVE-2022-43680
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. En libexpat versiones hasta 2.4.9, se presenta un uso de memoria previamente liberada causado por la destrucción excesiva de un DTD compartido en XML_ExternalEntityParserCreate en situaciones fuera de memoria A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions. • http://www.openwall.com/lists/oss-security/2023/12/28/5 http://www.openwall.com/lists/oss-security/2024/01/03/5 https://github.com/libexpat/libexpat/issues/649 https://github.com/libexpat/libexpat/pull/616 https://github.com/libexpat/libexpat/pull/650 https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE https://lists.fedoraproject.org/archives/list&#x • CWE-416: Use After Free •