Vulnerabilities > Oracle > Mysql Connectors > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2021-44531 | Improper Certificate Validation vulnerability in multiple products Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. | 7.4 |
| 2022-02-24 | CVE-2022-21824 | Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". | 8.2 |
| 2021-08-24 | CVE-2021-3712 | Out-of-bounds Read vulnerability in multiple products ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. | 7.4 |
| 2021-03-25 | CVE-2021-3450 | Improper Certificate Validation vulnerability in multiple products The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. | 7.4 |
| 2020-04-21 | CVE-2020-1967 | NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. | 7.5 |
| 2019-01-16 | CVE-2019-2435 | Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). | 8.1 |