Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-2628 | 5 Canonical, Mariadb, Opensuse and 2 more | 8 Ubuntu Linux, Mariadb, Leap and 5 more | 2022-08-05 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2015-6527 | 1 Php | 1 Php | 2022-08-05 | 7.5 HIGH | 7.3 HIGH |
| The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function. | |||||
| CVE-2017-10365 | 3 Mariadb, Netapp, Oracle | 9 Mariadb, Active Iq Unified Manager, Oncommand Balance and 6 more | 2022-08-05 | 5.5 MEDIUM | 3.8 LOW |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L). | |||||
| CVE-2013-1523 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2022-08-05 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer. | |||||
| CVE-2005-0004 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2022-08-05 | 4.6 MEDIUM | N/A |
| The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. | |||||
| CVE-2017-3456 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2022-08-05 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2015-4879 | 6 Canonical, Debian, Fedoraproject and 3 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2022-08-05 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. | |||||
| CVE-2017-10320 | 3 Mariadb, Netapp, Oracle | 9 Mariadb, Active Iq Unified Manager, Oncommand Balance and 6 more | 2022-08-05 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2016-5630 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2022-08-05 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||||
| CVE-2016-5629 | 3 Mariadb, Oracle, Redhat | 8 Mariadb, Mysql, Enterprise Linux Desktop and 5 more | 2022-08-05 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. | |||||
| CVE-2022-34496 | 1 Hiby | 4 Hiby R3 Pro, Hiby R3 Pro Firmware, Hiby R3 Pro Saber and 1 more | 2022-08-05 | N/A | 9.8 CRITICAL |
| Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. | |||||
| CVE-2021-35582 | 1 Oracle | 1 Applications Manager | 2022-08-05 | 6.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data as well as unauthorized read access to a subset of Oracle Applications Manager accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications Manager. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). | |||||
| CVE-2022-37315 | 1 Graphql-go Project | 1 Graphql-go | 2022-08-05 | N/A | 7.5 HIGH |
| graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. | |||||
| CVE-2022-34527 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2022-08-05 | N/A | 8.8 HIGH |
| D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. | |||||
| CVE-2021-32508 | 1 Qsan | 1 Storage Manager | 2022-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-32620 | 1 Xwiki | 1 Xwiki | 2022-08-05 | 4.0 MEDIUM | 8.8 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration canouldre-activate themself by using the activation link provided for his registration. The problem has been patched in the following versions of XWiki: 11.10.13, 12.6.7, 12.10.2, 13.0. It is possible to workaround the issue by resetting the `validkey` property of the disabled XWiki users. This can be done by editing the user profile with object editor. | |||||
| CVE-2021-32619 | 1 Deno | 1 Deno | 2022-08-05 | 7.5 HIGH | 9.8 CRITICAL |
| Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through `import()` or `new Worker` might have been able to bypass network and file system permission checks when statically importing other modules. The vulnerability has been patched in Deno release 1.10.2. | |||||
| CVE-2022-34528 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2022-08-05 | N/A | 8.8 HIGH |
| D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue. | |||||
| CVE-2022-34531 | 1 Dedecms | 1 Dedecms | 2022-08-05 | N/A | 9.8 CRITICAL |
| DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php. | |||||
| CVE-2021-32029 | 2 Postgresql, Redhat | 2 Postgresql, Jboss Enterprise Application Platform | 2022-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. | |||||