Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-11056

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-31 Aug, 2018 | 18:00
Updated At-05 Aug, 2024 | 07:54
Rejected At-
Credits

RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:31 Aug, 2018 | 18:00
Updated At:05 Aug, 2024 | 07:54
Rejected At:
â–¼CVE Numbering Authority (CNA)

RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.

Affected Products
Vendor
RSA Security LLCRSA
Product
BSAFE Micro Edition Suite
Versions
Affected
  • From unspecified before 4.1.6.1 (custom)
Vendor
RSA Security LLCRSA
Product
BSAFE Crypto-C Micro Edition
Versions
Affected
  • From unspecified before 4.0.5.3 (custom)
Problem Types
TypeCWE IDDescription
textN/AUncontrolled Resource Consumption ('Resource Exhaustion') vulnerability
Type: text
CWE ID: N/A
Description: Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability
Metrics
VersionBase scoreBase severityVector
3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://seclists.org/fulldisclosure/2018/Aug/46
mailing-list
x_refsource_FULLDISC
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
Hyperlink: http://seclists.org/fulldisclosure/2018/Aug/46
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_refsource_MISC
Hyperlink: https://www.oracle.com/security-alerts/cpujul2020.html
Resource:
x_refsource_MISC
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Resource:
x_refsource_MISC
Hyperlink: https://www.oracle.com/security-alerts/cpujan2020.html
Resource:
x_refsource_MISC
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://seclists.org/fulldisclosure/2018/Aug/46
mailing-list
x_refsource_FULLDISC
x_transferred
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
x_transferred
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
x_transferred
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
x_refsource_MISC
x_transferred
https://www.oracle.com/security-alerts/cpujan2020.html
x_refsource_MISC
x_transferred
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2018/Aug/46
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpujul2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpujan2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:31 Aug, 2018 | 18:29
Updated At:18 Apr, 2022 | 18:15

RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
Dell Inc.
dell
>>bsafe>>Versions from 4.1.0(inclusive) to 4.1.6.1(exclusive)
cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*
Dell Inc.
dell
>>bsafe_crypto-c>>Versions from 4.0.0(inclusive) to 4.0.5.3(exclusive)
cpe:2.3:a:dell:bsafe_crypto-c:*:*:*:*:micro:*:*:*
Oracle Corporation
oracle
>>application_testing_suite>>13.3.0.1
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_analytics>>12.1.1
cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_ip_service_activator>>7.3.0
cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_ip_service_activator>>7.4.0
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>core_rdbms>>11.2.0.4
cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>core_rdbms>>12.1.0.2
cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>core_rdbms>>12.2.0.1
cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>core_rdbms>>18c
cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>core_rdbms>>19c
cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>enterprise_manager_ops_center>>12.3.3
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>enterprise_manager_ops_center>>12.4.0
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>goldengate_application_adapters>>12.3.2.1.0
cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jd_edwards_enterpriseone_tools>>9.2
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>real_user_experience_insight>>13.1.2.1
cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>real_user_experience_insight>>13.2.3.1
cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>real_user_experience_insight>>13.3.1.0
cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_predictive_application_server>>15.0.3
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_predictive_application_server>>16.0.3.0
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>security_service>>11.1.1.9.0
cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>security_service>>12.1.3.0.0
cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>security_service>>12.2.1.3.0
cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>timesten_in-memory_database>>Versions before 18.1.4.1.0(exclusive)
cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2018/Aug/46security_alert@emc.com
Mailing List
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.htmlsecurity_alert@emc.com
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.htmlsecurity_alert@emc.com
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.htmlsecurity_alert@emc.com
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlsecurity_alert@emc.com
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlsecurity_alert@emc.com
Patch
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2018/Aug/46
Source: security_alert@emc.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: security_alert@emc.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpujan2020.html
Source: security_alert@emc.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpujul2020.html
Source: security_alert@emc.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Source: security_alert@emc.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Source: security_alert@emc.com
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1257Records found
CVE-2025-21574
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.85% / 53.60%
||
7 Day CHG-0.01%
Published-15 Apr, 2025 | 20:30
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_servermysql_clusterMySQL ClusterMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-22017
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.82%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 20:35
Updated-23 Apr, 2026 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-21949
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 23.24%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 21:56
Updated-29 Jan, 2026 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-21950
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 23.21%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 21:56
Updated-29 Jan, 2026 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-47239
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 35.07%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 02:00
Updated-04 Feb, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-42426
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.45% / 35.63%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 14:38
Updated-08 Jan, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. A low privilege remote attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-34276
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.82%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 20:35
Updated-23 Apr, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-34272
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.82%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 20:35
Updated-23 Apr, 2026 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-34271
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.82%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 20:35
Updated-23 Apr, 2026 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-34270
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.82%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 20:35
Updated-23 Apr, 2026 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-34303
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.82%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 20:35
Updated-23 Apr, 2026 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-34308
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.82%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 20:35
Updated-23 Apr, 2026 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50082
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 40.32%
||
7 Day CHG-0.00%
Published-15 Jul, 2025 | 19:27
Updated-17 Jul, 2025 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50076
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 40.32%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:27
Updated-17 Jul, 2025 | 12:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50078
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 40.32%
||
7 Day CHG-0.00%
Published-15 Jul, 2025 | 19:27
Updated-17 Jul, 2025 | 12:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-50083
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 40.32%
||
7 Day CHG-0.00%
Published-15 Jul, 2025 | 19:27
Updated-18 Jul, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-29490
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-1.48% / 70.59%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_vsa_operating_environmentemc_unity_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-20977
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-1.06% / 60.05%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 21:41
Updated-15 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle CorporationNetApp, Inc.
Product-mysqloncommand_insightMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-20962
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-1.12% / 61.84%
||
7 Day CHG~0.00%
Published-17 Feb, 2024 | 01:50
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-20985
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-1.10% / 61.47%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 21:41
Updated-20 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle CorporationNetApp, Inc.
Product-mysqloncommand_insightMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-21171
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.88% / 54.28%
||
7 Day CHG~0.00%
Published-16 Jul, 2024 | 22:40
Updated-04 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-21230
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.94% / 56.17%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 19:52
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL ClusterMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-21177
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.76% / 50.47%
||
7 Day CHG~0.00%
Published-16 Jul, 2024 | 22:40
Updated-04 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_servermysql_clusterMySQL NDB ClusterMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-21196
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.88% / 54.44%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 19:52
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-20961
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-1.10% / 61.47%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 21:41
Updated-20 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle CorporationNetApp, Inc.
Product-mysqloncommand_insightMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-9516
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-57.46% / 98.95%
||
7 Day CHG~0.00%
Published-13 Aug, 2019 | 20:50
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.F5, Inc.The Apache Software FoundationFedora ProjectOracle CorporationRed Hat, Inc.McAfee, LLCDebian GNU/LinuxopenSUSENode.js (OpenJS Foundation)Synology, Inc.
Product-ubuntu_linuxvs960hdsoftware_collectionsenterprise_linuxquayskynasswiftniodiskstation_managernode.jsdebian_linuxgraalvmopenshift_service_meshfedoramac_os_xvs960hd_firmwarenginxtraffic_serverjboss_enterprise_application_platformjboss_core_servicesweb_gatewayleapn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2016-4055
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-9.90% / 94.96%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

Action-Not Available
Vendor-momentjsn/aOracle CorporationTenable, Inc.
Product-nessusprimavera_unifiermomentn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-21577
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 45.36%
||
7 Day CHG-0.01%
Published-15 Apr, 2025 | 20:30
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-21575
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.74% / 49.91%
||
7 Day CHG-0.01%
Published-15 Apr, 2025 | 20:30
Updated-03 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_servermysql_clusterMySQL ClusterMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-22009
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.82%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 20:35
Updated-23 Apr, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_serverMySQL Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-3040
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-2.23% / 80.46%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-banking_corporate_lendingBanking Corporate Lending
CVE-2018-3065
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-3.68% / 88.25%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenterstorage_automation_storeoncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3030
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-2.23% / 80.46%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_investor_servicingFLEXCUBE Investor Servicing
CVE-2018-3145
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-2.47% / 82.40%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-n/aNetApp, Inc.Oracle Corporation
Product-snapcenterstorage_automation_storeoncommand_workflow_automationoncommand_unified_managermysqloncommand_insightn/a
CVE-2018-3186
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-2.11% / 79.36%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Microsoft CorporationNetApp, Inc.Oracle Corporation
Product-oncommand_insightwindowsoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-3277
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-2.67% / 83.81%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcentermariadbactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3041
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-2.23% / 80.46%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_enterprise_limits_and_collateral_managementFLEXCUBE Enterprise Limits and Collateral Management
CVE-2018-3251
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-3.05% / 85.86%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Microsoft CorporationOracle CorporationCanonical Ltd.
Product-ubuntu_linuxdebian_linuxmariadboncommand_insightstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-3200
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-2.67% / 83.81%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcentermariadbactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3278
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-3.46% / 87.51%
||
7 Day CHG+0.12%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Microsoft CorporationNetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-3070
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-3.64% / 88.08%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenterdebian_linuxstorage_automation_storeoncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3170
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-2.11% / 79.36%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Microsoft CorporationNetApp, Inc.Oracle Corporation
Product-snapcenterwindowsoncommand_workflow_automationoncommand_unified_managermysqloncommand_insightMySQL Server
CVE-2018-3276
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-3.56% / 87.82%
||
7 Day CHG+0.12%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Microsoft CorporationNetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightstorage_automation_storewindowsoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2018-3061
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-2.92% / 85.26%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenterstorage_automation_storeoncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-3063
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-3.21% / 86.54%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcenterdebian_linuxmariadboncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2018-2916
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.7||LOW
EPSS-1.97% / 77.86%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-sun_zfs_storage_appliance_kitSun ZFS Storage Appliance Kit (AK) Software
CVE-2018-2819
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-3.21% / 86.52%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Red Hat, Inc.Oracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxsnapcenterdebian_linuxmariadbenterprise_linux_server_ausenterprise_linux_workstationopenstackactive_iq_unified_managerenterprise_linux_eusoncommand_workflow_automationenterprise_linux_server_tusenterprise_linux_desktopmysqloncommand_insightMySQL Server
CVE-2018-2846
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-2.90% / 85.12%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxoncommand_insightstorage_automation_storeoncommand_workflow_automationoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2021-35591
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-2.43% / 82.12%
||
7 Day CHG-0.07%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Oracle CorporationFedora Project
Product-oncommand_insightmysqlfedorasnapcenterMySQL Server
CVE-2018-2784
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-3.05% / 85.86%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationDebian GNU/LinuxNetApp, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxsnapcenterdebian_linuxmariadbactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 25
  • 26
  • Next
Details not found