CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-21633 – mysql: Server: Replication unspecified vulnerability (CPU Oct 2022)
https://notcve.org/view.php?id=CVE-2022-21633
18 Oct 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2022-21626 – OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
https://notcve.org/view.php?id=CVE-2022-21626
18 Oct 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to caus... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-21640 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
https://notcve.org/view.php?id=CVE-2022-21640
18 Oct 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-21637 – mysql: InnoDB unspecified vulnerability (CPU Oct 2022)
https://notcve.org/view.php?id=CVE-2022-21637
18 Oct 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39410 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
https://notcve.org/view.php?id=CVE-2022-39410
18 Oct 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-21592 – mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2022)
https://notcve.org/view.php?id=CVE-2022-21592
18 Oct 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). • https://security.netapp.com/advisory/ntap-20221028-0013 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2022-42004 – jackson-databind: use of deeply nested arrays
https://notcve.org/view.php?id=CVE-2022-42004
02 Oct 2022 — In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. En FasterXML jackson-databind versiones anteriores a 2.13.4, el agotamiento de los recursos puede ocurrir debido a una falta de comprobación en BeanDeserializer._deserializeFromArray para impedir el uso de arrays profundamente anidados. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2022-42003 – jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
https://notcve.org/view.php?id=CVE-2022-42003
02 Oct 2022 — In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. En FasterXML jackson-databind anterior a 2.14.0-rc1, puede producirse un agotamiento de recursos debido a la falta de una comprobación en los deserializadores de valores primitivos para evitar el anidamiento de arrays envolventes profundos, cuando la funció... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-2764 – Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
https://notcve.org/view.php?id=CVE-2022-2764
01 Sep 2022 — A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. Se ha encontrado un fallo en Undertow. Puede producirse una denegación de servicio ya que el servidor de Undertow espera eternamente el LAST_CHUNK para las invocaciones EJB A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from... • https://bugzilla.redhat.com/show_bug.cgi?id=2117506 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 1CVE-2022-36033 – jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled
https://notcve.org/view.php?id=CVE-2022-36033
29 Aug 2022 — jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Securit... • https://github.com/jhy/jsoup/releases/tag/jsoup-1.15.3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-87: Improper Neutralization of Alternate XSS Syntax •