Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mysql_workbench
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 42 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-02-24 | CVE-2021-44531 | Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a... | Node\.js, Graalvm, Mysql_cluster, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools | 7.4 | ||
| 2022-02-24 | CVE-2021-44532 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the... | Debian_linux, Node\.js, Graalvm, Mysql_cluster, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools | 5.3 | ||
| 2022-02-24 | CVE-2021-44533 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are... | Debian_linux, Node\.js, Graalvm, Mysql_cluster, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools | 5.3 | ||
| 2022-02-24 | CVE-2022-21824 | Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null... | Debian_linux, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Node\.js, Mysql_cluster, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools | 8.2 | ||
| 2020-01-21 | CVE-2019-20388 | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Ontap_select_deploy_administration_utility, Plug\-In_for_symantec_netbackup, Smi\-S_provider, Snapdrive, Steelstore_cloud_integrated_storage, Leap, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Libxml2 | 7.5 | ||
| 2019-02-27 | CVE-2019-1559 | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt... | Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Big\-Iq_centralized_management, Traffix_signaling_delivery_controller, Fedora, Agent, Data_exchange_layer, Threat_intelligence_exchange_server, Web_gateway, A220_firmware, A320_firmware, A800_firmware, Active_iq_unified_manager, Altavault, C190_firmware, Cloud_backup, Clustered_data_ontap_antivirus_connector, Cn1610_firmware, Element_software, Fas2720_firmware, Fas2750_firmware, Hci_compute_node, Hci_management_node, Hyper_converged_infrastructure, Oncommand_insight, Oncommand_unified_manager, Oncommand_unified_manager_core_package, Oncommand_workflow_automation, Ontap_select_deploy, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Service_processor, Smi\-S_provider, Snapcenter, Snapdrive, Snapprotect, Solidfire, Steelstore_cloud_integrated_storage, Storage_automation_store, Storagegrid, Node\.js, Openssl, Leap, Api_gateway, Business_intelligence, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_session_border_controller, Communications_session_router, Communications_unified_session_manager, Endeca_server, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql, Mysql_enterprise_monitor, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_global_desktop, Services_tools_bundle, Pan\-Os, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Jboss_enterprise_web_server, Virtualization, Virtualization_host, Nessus | 5.9 | ||
| 2019-12-09 | CVE-2019-19603 | SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | Guacamole, Cloud_backup, Ontap_select_deploy_administration_utility, Mysql_workbench, Sinec_infrastructure_network_services, Sqlite | 7.5 | ||
| 2019-12-10 | CVE-2019-14889 | A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. | Ubuntu_linux, Debian_linux, Fedora, Libssh, Leap, Mysql_workbench | 8.8 | ||
| 2019-12-24 | CVE-2019-19924 | SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. | Bookkeeper, Cloud_backup, Mysql_workbench, Sinec_infrastructure_network_services, Sqlite | 5.3 | ||
| 2019-07-10 | CVE-2018-14550 | An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. | Libpng, Active_iq_unified_manager, Oncommand_api_services, Hyperion_infrastructure_technology, Mysql_workbench | 8.8 |