Oracle

Mysql Server

260 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2021-23841

  • EPSS 0.67%
  • Veröffentlicht 16.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:51:55

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while...

5.9

CVE-2020-1971

  • EPSS 0.34%
  • Veröffentlicht 08.12.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:45

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...

7.5

CVE-2020-28196

  • EPSS 0.38%
  • Veröffentlicht 06.11.2020 08:15:13
  • Zuletzt bearbeitet 21.11.2024 05:22:27

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Veröffentlicht 08.11.2019 15:15:11
  • Zuletzt bearbeitet 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

6.4

CVE-2019-2897

  • EPSS 0.33%
  • Veröffentlicht 16.10.2019 18:15:27
  • Zuletzt bearbeitet 21.11.2024 04:41:45

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low p...

9.8

CVE-2019-5481

  • EPSS 4.69%
  • Veröffentlicht 16.09.2019 19:15:10
  • Zuletzt bearbeitet 21.11.2024 04:45:01

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

9.8

CVE-2019-5482

  • EPSS 10.79%
  • Veröffentlicht 16.09.2019 19:15:10
  • Zuletzt bearbeitet 21.11.2024 04:45:01

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

7.8

CVE-2019-5443

  • EPSS 0.95%
  • Veröffentlicht 02.07.2019 19:15:10
  • Zuletzt bearbeitet 21.11.2024 04:44:56

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privile...

7.8

CVE-2019-5436

Exploit
  • EPSS 29.54%
  • Veröffentlicht 28.05.2019 19:29:06
  • Zuletzt bearbeitet 21.11.2024 04:44:55

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

9.8

CVE-2019-3822

Exploit
  • EPSS 26.44%
  • Veröffentlicht 06.02.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:36

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents...