Product:

Mysql_workbench

(Oracle)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 42
Date Id Summary Products Score Patch Annotated
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Active_iq_unified_manager, Element, Management_services_for_element_software_and_netapp_hci, Snapcenter_plug\-In, Access_manager, Agile_engineering_data_management, Agile_plm, Agile_product_lifecycle_analytics, Agile_product_lifecycle_management_integration_pack, Airlines_data_model, Application_express, Application_performance_management, Application_testing_suite, Argus_analytics, Argus_insight, Argus_safety, Banking_apis, Banking_deposits_and_lines_of_credit_servicing, Banking_digital_experience, Banking_enterprise_default_management, Banking_enterprise_default_managment, Banking_loans_servicing, Banking_party_management, Banking_platform, Bi_publisher, Big_data_spatial_and_graph, Business_activity_monitoring, Business_intelligence, Business_process_management_suite, Clinical, Commerce_guided_search, Commerce_platform, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_calendar_server, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_converged_application_server_\-_service_controller, Communications_convergence, Communications_convergent_charging_controller, Communications_data_model, Communications_design_studio, Communications_diameter_signaling_route, Communications_eagle_application_processor, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_metasolv_solution, Communications_network_charging_and_control, Communications_network_integrity, Communications_offline_mediation_controller, Communications_operations_monitor, Communications_pricing_design_center, Communications_service_broker, Communications_services_gatekeeper, Communications_session_border_controller, Communications_unified_inventory_management, Communications_webrtc_session_controller, Data_integrator, Database_server, Demantra_demand_management, Documaker, E\-Business_suite, Enterprise_communications_broker, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Enterprise_session_border_controller, Essbase, Essbase_administration_services, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Financial_services_foreign_account_tax_compliance_act_management, Financial_services_model_management_and_governance, Financial_services_trade\-Based_anti_money_laundering, Flexcube_investor_servicing, Flexcube_private_banking, Fujitsu_m10\-1_firmware, Fujitsu_m10\-4_firmware, Fujitsu_m10\-4s_firmware, Fujitsu_m12\-1_firmware, Fujitsu_m12\-2_firmware, Fujitsu_m12\-2s_firmware, Fusion_middleware, Fusion_middleware_mapviewer, Goldengate, Goldengate_application_adapters, Graalvm, Graph_server_and_client, Health_sciences_clinical_development_analytics, Health_sciences_inform_crf_submit, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_translational_research, Hospitality_cruise_shipboard_property_management_system, Hospitality_opera_5_property_services, Hospitality_reporting_and_analytics, Hospitality_suite8, Http_server, Hyperion_financial_management, Hyperion_ilearning, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration, Insurance_policy_administration_j2ee, Insurance_rules_palette, Java_se, Jd_edwards_enterpriseone_orchestrator, Jdk, Managed_file_transfer, Mysql_cluster, Mysql_connectors, Mysql_server, Mysql_workbench, Nosql_database, Oss_support_tools, Peoplesoft_enterprise_cs_sa_integration_pack, Peoplesoft_enterprise_people_tools, Peoplesoft_enterprise_peopletools, Policy_automation, Primavera_analytics, Primavera_data_warehouse, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_p6_professional_project_management, Primavera_portfolio_management, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Real_user_experience_insight, Rest_data_services, Retail_allocation, Retail_analytics, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_customer_management_and_segmentation_foundation, Retail_eftlink, Retail_extract_transform_and_load, Retail_financial_integration, Retail_fiscal_management, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Sale, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_size_profile_optimization, Retail_xstore_point_of_service, Sd\-Wan_aware, Sd\-Wan_edge, Secure_backup, Siebel_applications, Solaris, Spatial_studio, Thesaurus_management_system, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator, Vm_virtualbox, Webcenter_portal, Weblogic_server, Zfs_storage_appliance_kit, Zfs_storage_application_integration_engineering_software, Fuse, Hibernate_validator, Jboss_data_grid, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On 6.1
2019-12-09 CVE-2019-19603 SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. Guacamole, Cloud_backup, Ontap_select_deploy_administration_utility, Mysql_workbench, Sinec_infrastructure_network_services, Sqlite 7.5
2019-12-10 CVE-2019-14889 A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. Ubuntu_linux, Debian_linux, Fedora, Libssh, Leap, Mysql_workbench 8.8
2020-01-21 CVE-2020-7595 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Smi\-S_provider, Snapdrive, Steelstore_cloud_integrated_storage, Symantec_netbackup, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Sinema_remote_connect_server, Libxml2 7.5
2019-12-24 CVE-2019-19924 SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. Bookkeeper, Cloud_backup, Mysql_workbench, Sinec_infrastructure_network_services, Sqlite 5.3
2020-04-13 CVE-2020-1730 A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. Ubuntu_linux, Fedora, Libssh, Cloud_backup, Mysql_workbench, Enterprise_linux 5.3
2020-04-21 CVE-2020-1967 Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not... Fabric_operating_system, Debian_linux, Fedora, Freebsd, Enterpriseone, Active_iq_unified_manager, E\-Series_performance_analyzer, Oncommand_insight, Oncommand_workflow_automation, Smi\-S_provider, Snapcenter, Steelstore_cloud_integrated_storage, Openssl, Leap, Application_server, Enterprise_manager_base_platform, Enterprise_manager_for_storage_management, Enterprise_manager_ops_center, Http_server, Jd_edwards_world_security, Mysql, Mysql_connectors, Mysql_enterprise_monitor, Mysql_workbench, Peoplesoft_enterprise_peopletools, Log_correlation_engine 7.5
2020-06-06 CVE-2020-13871 SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. Debian_linux, Fedora, Cloud_backup, Ontap_select_deploy_administration_utility, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql_workbench, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite 7.5
2020-09-04 CVE-2020-24977 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Hci_h410c_firmware, Inventory_collect_tool, Manageability_software_development_kit, Snapdrive, Leap, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Http_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Libxml2 6.5
2021-03-25 CVE-2021-3449 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default... Multi\-Domain_management_firmware, Quantum_security_gateway_firmware, Quantum_security_management_firmware, Debian_linux, Fedora, Freebsd, Web_gateway, Web_gateway_cloud_service, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, E\-Series_performance_analyzer, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Snapcenter, Storagegrid, Node\.js, Openssl, Communications_communications_policy_management, Enterprise_manager_for_storage_management, Essbase, Graalvm, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Primavera_unifier, Secure_backup, Secure_global_desktop, Zfs_storage_appliance_kit, Ruggedcom_rcm1224_firmware, Scalance_lpe9403_firmware, Scalance_m\-800_firmware, Scalance_s602_firmware, Scalance_s612_firmware, Scalance_s615_firmware, Scalance_s623_firmware, Scalance_s627\-2m_firmware, Scalance_sc\-600_firmware, Scalance_w1700_firmware, Scalance_w700_firmware, Scalance_xb\-200_firmware, Scalance_xc\-200_firmware, Scalance_xf\-200ba_firmware, Scalance_xm\-400_firmware, Scalance_xp\-200_firmware, Scalance_xr524\-8c_firmware, Scalance_xr526\-8c_firmware, Scalance_xr528\-6m_firmware, Scalance_xr552\-12_firmware, Scalance_xr\-300wg_firmware, Simatic_cloud_connect_7_firmware, Simatic_cp_1242\-7_gprs_v2_firmware, Simatic_hmi_basic_panels_2nd_generation_firmware, Simatic_hmi_comfort_outdoor_panels_firmware, Simatic_hmi_ktp_mobile_panels_firmware, Simatic_logon, Simatic_mv500_firmware, Simatic_net_cp1243\-7_lte_eu_firmware, Simatic_net_cp1243\-7_lte_us_firmware, Simatic_net_cp_1243\-1_firmware, Simatic_net_cp_1243\-8_irc_firmware, Simatic_net_cp_1542sp\-1_irc_firmware, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1543sp\-1_firmware, Simatic_net_cp_1545\-1_firmware, Simatic_pcs_7_telecontrol_firmware, Simatic_pcs_neo_firmware, Simatic_pdm_firmware, Simatic_process_historian_opc_ua_server_firmware, Simatic_rf166c_firmware, Simatic_rf185c_firmware, Simatic_rf186c_firmware, Simatic_rf186ci_firmware, Simatic_rf188c_firmware, Simatic_rf188ci_firmware, Simatic_rf360r_firmware, Simatic_s7\-1200_cpu_1211c_firmware, Simatic_s7\-1200_cpu_1212c_firmware, Simatic_s7\-1200_cpu_1212fc_firmware, Simatic_s7\-1200_cpu_1214_fc_firmware, Simatic_s7\-1200_cpu_1214c_firmware, Simatic_s7\-1200_cpu_1215_fc_firmware, Simatic_s7\-1200_cpu_1215c_firmware, Simatic_s7\-1200_cpu_1217c_firmware, Simatic_s7\-1500_cpu_1518\-4_pn\/dp_mfp_firmware, Simatic_wincc_runtime_advanced, Simatic_wincc_telecontrol, Sinamics_connect_300_firmware, Sinec_infrastructure_network_services, Sinec_nms, Sinec_pni, Sinema_server, Sinumerik_opc_ua_server, Tia_administrator, Tim_1531_irc_firmware, Capture_client, Sma100_firmware, Sonicos, Log_correlation_engine, Nessus, Nessus_network_monitor, Tenable\.sc 5.9