Netapp Oncommand Workflow Automation — known CVE vulnerabilities
Every CVE whose affected-product data names Netapp Oncommand Workflow Automation, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2015-3292 — CVSS 10.0 (critical): The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP)…
CVE-2018-14718 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the…
CVE-2018-14719 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the…
CVE-2020-10683 — CVSS 9.8 (critical): dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However…
CVE-2019-17267 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaT…
CVE-2019-16943 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either…
CVE-2019-16942 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either…
CVE-2019-14540 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2023-38545 — CVSS 9.8 (critical): This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the…
CVE-2019-14379 — CVSS 9.8 (critical): SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of…
CVE-2019-17571 — CVSS 9.8 (critical): Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely…
CVE-2020-8840 — CVSS 9.8 (critical): FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyedi…
CVE-2017-5645 — CVSS 9.8 (critical): In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another…
CVE-2018-1000613 — CVSS 9.8 (critical): Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of…
CVE-2019-17531 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either…
CVE-2019-16335 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource…
CVE-2021-3711 — CVSS 9.8 (critical): In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application…
CVE-2022-23852 — CVSS 9.8 (critical): Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVE-2021-22931 — CVSS 9.8 (critical): Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input…
CVE-2022-37434 — CVSS 9.8 (critical): zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE…
CVE-2018-8014 — CVSS 9.8 (critical): The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to…
CVE-2016-9841 — CVSS 9.8 (critical): inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-9843 — CVSS 9.8 (critical): The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving…
CVE-2019-3822 — CVSS 9.8 (critical): libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM…
CVE-2019-11068 — CVSS 9.8 (critical): libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon…
CVE-2017-10285 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are…
CVE-2017-10346 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected…
CVE-2024-28752 — CVSS 9.3 (critical): A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF…
CVE-2018-10933 — CVSS 9.1 (critical): A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels…
CVE-2018-2938 — CVSS 9.0 (critical): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191…
CVE-2018-1258 — CVSS 8.8 (high): Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using…
CVE-2021-45960 — CVSS 8.8 (high): In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc…
CVE-2020-10878 — CVSS 8.6 (high): Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular…
CVE-2021-3517 — CVSS 8.6 (high): There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted…
CVE-2018-2638 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE…
CVE-2018-2825 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10…
CVE-2018-2826 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10…
CVE-2018-2941 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181…
CVE-2018-2942 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE…
CVE-2018-2964 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE…
CVE-2020-14583 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are…
CVE-2020-14664 — CVSS 8.3 (high): Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251…
CVE-2020-2803 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are…
CVE-2020-2805 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are…
CVE-2022-21824 — CVSS 8.2 (high): Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the…
CVE-2019-2435 — CVSS 8.1 (high): Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are…
CVE-2021-46143 — CVSS 8.1 (high): In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVE-2021-22901 — CVSS 8.1 (high): curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session…
CVE-2020-2604 — CVSS 8.1 (high): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected…
CVE-2020-8174 — CVSS 8.1 (high): napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
CVE-2016-1894 — CVSS 8.1 (high): NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.
CVE-2022-27778 — CVSS 8.1 (high): A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with…
CVE-2023-31102 — CVSS 7.8 (high): Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
CVE-2019-5443 — CVSS 7.8 (high): A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <=…
CVE-2018-2755 — CVSS 7.7 (high): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are…
CVE-2018-3155 — CVSS 7.7 (high): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23…
CVE-2021-29489 — CVSS 7.6 (high): Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not…
CVE-2018-2627 — CVSS 7.5 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152…
CVE-2016-8610 — CVSS 7.5 (high): A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined…
CVE-2024-28757 — CVSS 7.5 (high): libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via…
CVE-2024-1635 — CVSS 7.5 (high): A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a…
CVE-2023-1108 — CVSS 7.5 (high): A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in…
CVE-2022-43680 — CVSS 7.5 (high): In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in…
CVE-2022-43551 — CVSS 7.5 (high): A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can…
CVE-2022-42004 — CVSS 7.5 (high): In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFrom…
CVE-2022-42003 — CVSS 7.5 (high): In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in…
CVE-2017-10388 — CVSS 7.5 (high): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2018-1000180 — CVSS 7.5 (high): Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator…
CVE-2018-1000632 — CVSS 7.5 (high): dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute…
CVE-2018-12015 — CVSS 7.5 (high): In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite…
CVE-2018-25032 — CVSS 7.5 (high): zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVE-2022-23913 — CVSS 7.5 (high): In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource…
CVE-2022-23457 — CVSS 7.5 (high): ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the…
CVE-2022-21449 — CVSS 7.5 (high): Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions…
CVE-2022-1319 — CVSS 7.5 (high): A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse…
CVE-2022-1259 — CVSS 7.5 (high): A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial…
CVE-2021-3859 — CVSS 7.5 (high): A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an…
CVE-2021-36222 — CVSS 7.5 (high): ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2…
CVE-2021-26118 — CVSS 7.5 (high): While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ…
CVE-2021-26117 — CVSS 7.5 (high): The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ…
CVE-2021-22946 — CVSS 7.5 (high): A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server…
CVE-2021-22926 — CVSS 7.5 (high): libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT`…
CVE-2021-22884 — CVSS 7.5 (high): Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”…
CVE-2020-36518 — CVSS 7.5 (high): jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2020-28196 — CVSS 7.5 (high): MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because…
CVE-2020-2816 — CVSS 7.5 (high): Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14…
CVE-2020-25649 — CVSS 7.5 (high): A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to…
CVE-2019-17359 — CVSS 7.5 (high): The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError…
CVE-2020-25644 — CVSS 7.5 (high): A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the…
CVE-2020-1967 — CVSS 7.5 (high): Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer…
CVE-2020-12723 — CVSS 7.5 (high): regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-11612 — CVSS 7.5 (high): The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker…
CVE-2020-14593 — CVSS 7.4 (high): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE…
CVE-2021-3450 — CVSS 7.4 (high): The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by…
CVE-2024-21147 — CVSS 7.4 (high): Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component…
CVE-2022-1292 — CVSS 7.3 (high): The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some…
CVE-2025-0509 — CVSS 7.3 (high): A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload…
CVE-2022-21600 — CVSS 7.2 (high): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27…
CVE-2020-14697 — CVSS 7.2 (high): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected…
CVE-2021-2144 — CVSS 7.2 (high): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and…
CVE-2020-14678 — CVSS 7.2 (high): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected…
CVE-2020-14828 — CVSS 7.2 (high): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and…
CVE-2020-14663 — CVSS 7.2 (high): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected…
CVE-2018-3064 — CVSS 7.1 (high): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and…
CVE-2018-2562 — CVSS 7.1 (high): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are…
CVE-2022-21351 — CVSS 7.1 (high): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27…
CVE-2019-2534 — CVSS 7.1 (high): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are…
CVE-2022-21278 — CVSS 7.1 (high): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26…
CVE-2017-10309 — CVSS 7.1 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE…
CVE-2020-2601 — CVSS 6.8 (medium): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are…
CVE-2019-2949 — CVSS 6.8 (medium): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are…
CVE-2021-2046 — CVSS 6.8 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are…
CVE-2019-2989 — CVSS 6.8 (medium): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are…
CVE-2021-35567 — CVSS 6.8 (medium): Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that…
CVE-2017-10274 — CVSS 6.8 (medium): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE…
CVE-2018-2782 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and…
CVE-2020-2790 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are…
CVE-2020-2780 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and…
CVE-2020-2686 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18…
CVE-2020-2627 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and…
CVE-2022-21635 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior…
CVE-2018-2668 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2018-2665 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2020-2579 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46…
CVE-2018-2640 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2019-16168 — CVSS 6.5 (medium): In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a…
CVE-2018-2622 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58…
CVE-2018-2612 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and…
CVE-2022-39408 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30…
CVE-2018-11212 — CVSS 6.5 (medium): An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service…
CVE-2017-10384 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57…
CVE-2019-3011 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and…
CVE-2019-2966 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17…
CVE-2020-14846 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21…
CVE-2019-2434 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24…
CVE-2017-10379 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are…
CVE-2020-14836 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21…
CVE-2020-14830 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21…
CVE-2019-2455 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42…
CVE-2020-14827 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected…
CVE-2020-14800 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected…
CVE-2020-14775 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior…
CVE-2019-2529 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2020-14769 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49…
CVE-2020-14765 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and…
CVE-2019-2533 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are…
CVE-2020-14680 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20…
CVE-2017-10378 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2020-14619 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and…
CVE-2019-2914 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected…
CVE-2020-14591 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are…
CVE-2022-39410 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30…
CVE-2018-3060 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and…
CVE-2021-43797 — CVSS 6.5 (medium): Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers…
CVE-2020-14576 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and…
CVE-2018-3065 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22…
CVE-2020-14539 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48…
CVE-2018-3070 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are…
CVE-2018-3073 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2019-2946 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and…
CVE-2019-3004 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and…
CVE-2022-21358 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected…
CVE-2018-2817 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59…
CVE-2018-3133 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61…
CVE-2018-3137 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2018-3143 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and…
CVE-2023-21946 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32…
CVE-2018-3145 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 8.0.12…
CVE-2022-21556 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28…
CVE-2018-3156 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and…
CVE-2021-22570 — CVSS 6.5 (medium): Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the…
CVE-2021-2202 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32…
CVE-2021-2178 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32…
CVE-2021-2172 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and…
CVE-2018-3182 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 8.0.12…
CVE-2021-2024 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22…
CVE-2021-2020 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20…
CVE-2022-21569 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29…
CVE-2018-3203 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are…
CVE-2020-10719 — CVSS 6.5 (medium): A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This…
CVE-2018-3251 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and…
CVE-2018-2784 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and…
CVE-2021-2298 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23…
CVE-2018-2819 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and…
CVE-2019-2967 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17…
CVE-2019-2503 — CVSS 6.4 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are…
CVE-2022-21330 — CVSS 6.3 (medium): Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24…
CVE-2020-2768 — CVSS 6.3 (medium): Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.3.28…
CVE-2021-35621 — CVSS 6.3 (medium): Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33…
CVE-2022-21279 — CVSS 6.3 (medium): Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34…
CVE-2022-21280 — CVSS 6.3 (medium): Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34…
CVE-2022-21284 — CVSS 6.3 (medium): Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34…
CVE-2022-21285 — CVSS 6.3 (medium): Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34…
CVE-2022-21286 — CVSS 6.3 (medium): Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34…
CVE-2022-21287 — CVSS 6.3 (medium): Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34…