CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-21929 – mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)
https://notcve.org/view.php?id=CVE-2023-21929
18 Apr 2023 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-21920 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023)
https://notcve.org/view.php?id=CVE-2023-21920
18 Apr 2023 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-21919 – mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)
https://notcve.org/view.php?id=CVE-2023-21919
18 Apr 2023 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-21911 – mysql: InnoDB unspecified vulnerability (CPU Apr 2023)
https://notcve.org/view.php?id=CVE-2023-21911
18 Apr 2023 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2022-43551 – curl: HSTS bypass via IDN
https://notcve.org/view.php?id=CVE-2022-43551
23 Dec 2022 — A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the comm... • https://hackerone.com/reports/1755083 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38733
https://notcve.org/view.php?id=CVE-2022-38733
20 Dec 2022 — OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component. Las versiones 7.3.1 a 7.3.14 de OnCommand Insight son susceptibles a una vulnerabilidad de omisión de autenticación en el componente de almacén de datos. • https://security.netapp.com/advisory/NTAP-20221220-0001 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-21589 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022)
https://notcve.org/view.php?id=CVE-2022-21589
18 Oct 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). • https://security.netapp.com/advisory/ntap-20221028-0013 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-21592 – mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2022)
https://notcve.org/view.php?id=CVE-2022-21592
18 Oct 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). • https://security.netapp.com/advisory/ntap-20221028-0013 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-21594 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
https://notcve.org/view.php?id=CVE-2022-21594
18 Oct 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR •
CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 0CVE-2022-21595 – mysql: C API unspecified vulnerability (CPU Oct 2022)
https://notcve.org/view.php?id=CVE-2022-21595
18 Oct 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://security.netapp.com/advisory/ntap-20221028-0013 •