Vulnerabilities > Oracle > Mysql Server

DATE CVE VULNERABILITY TITLE RISK
2021-06-11 CVE-2021-22898 Missing Initialization of Resource vulnerability in multiple products
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers.
3.1
2021-06-11 CVE-2021-22901 Use After Free vulnerability in multiple products
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection.
network
high complexity
haxx oracle netapp siemens splunk CWE-416
8.1
2021-03-25 CVE-2021-3450 Improper Certificate Validation vulnerability in multiple products
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.
7.4
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-03-23 CVE-2021-21351 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
critical
9.1
2021-03-23 CVE-2021-21348 Resource Exhaustion vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
7.5
2021-03-23 CVE-2021-21344 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
critical
9.8
2021-02-16 CVE-2021-23841 NULL Pointer Dereference vulnerability in multiple products
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate.
5.9
2021-02-16 CVE-2021-23840 Integer Overflow or Wraparound vulnerability in multiple products
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform.
7.5
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
5.9