CVE Daily
← All tags

Tag: MySQL

All CVEs associated with "MySQL". Page 6/20 • 2289 CVEs.

Subscribe CVEs: RSS for “MySQL”  ·  RSS (High+Critical only)

About “MySQL”

A curated feed of “MySQL”-related CVEs appears below. We currently track 2289 CVEs for this tag (all time). In the last 365 days, 184 were published. Average CVSS is 5.6 (all time; 6.4 over 365d), and 20% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-284 - Improper Access Control.

In our taxonomy this topic maps to a MODERATE impact class. Databases, proxies, and web servers often need coordinated restarts and config checks. Patch only modules you deploy, verify TLS and authentication, and tune limits. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-12-22
Critical

CVE-2022-45347

Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute…

CVSS: 9.8 CWE: CWE-459 - Incomplete Cleanup View on NVD
2022-11-21
Medium

CVE-2022-43117

Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2022-11-14
Critical

CVE-2022-45136

Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2022-11-01
High

CVE-2022-3780

Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
2022-10-26
High

CVE-2022-39944

In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and co…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2022-10-25
Critical

CVE-2022-39312

Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
2022-10-19
High

CVE-2022-39267

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject…

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
2022-10-18
Medium

CVE-2022-39410

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privil…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-39408

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privil…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-39404

Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are 1.6.3 and prior. Difficult to exploit vulnerability allows low p…

CVSS: 4.2 CWE: N/A View on NVD
Low

CVE-2022-39403

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privil…

CVSS: 3.9 CWE: N/A View on NVD
Medium

CVE-2022-39402

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenti…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2022-39400

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21641

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21640

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21638

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21637

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attac…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21635

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attac…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-21633

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high pri…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21632

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21625

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high pri…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2022-21617

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21611

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged att…

CVSS: 4.1 CWE: N/A View on NVD
Medium

CVE-2022-21608

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerabil…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21607

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21605

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21604

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attac…

CVSS: 4.9 CWE: N/A View on NVD
High

CVE-2022-21600

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 7.2 CWE: N/A View on NVD
Medium

CVE-2022-21599

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows hig…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21595

Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2022-21594

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21592

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2022-21589

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable…

CVSS: 4.3 CWE: N/A View on NVD
2022-10-07
High

CVE-2022-3276

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the…

CVSS: 8.4 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2022-09-29
Medium

CVE-2020-15333

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.

CVSS: 5.3 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2022-09-26
High

CVE-2022-39219

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP b…

CVSS: 8.5 CWE: CWE-287 - Improper Authentication View on NVD
2022-09-20
High

CVE-2022-40955

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2022-09-16
Medium

CVE-2021-41731

Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2022-09-11
Critical

CVE-2022-39135

Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnera…

CVSS: 9.8 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2022-08-03
Critical

CVE-2022-35866

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability.…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2022-34968

An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2022-08-01
Critical

CVE-2022-31181

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function…

CVSS: 9.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2022-07-19
Medium

CVE-2022-21569

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privil…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-21556

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-21555

Vulnerability in the MySQL Shell for VS Code product of Oracle MySQL (component: Shell: GUI). Supported versions that are affected are 1.1.8 and prior. Easily exploitable vulnerability allows high pr…

CVSS: 4.2 CWE: N/A View on NVD
Medium

CVE-2022-21553

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21550

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.36 and prior, 7.5.26 and prior, 7.6.22 and prior and and 8.0.29…

CVSS: 6.3 CWE: N/A View on NVD
Medium

CVE-2022-21547

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21539

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged atta…

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2022-21538

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allo…

CVSS: 3.1 CWE: N/A View on NVD
Medium

CVE-2022-21537

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attac…

CVSS: 4.9 CWE: N/A View on NVD
Low

CVE-2022-21535

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: General/Core Client). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows…

CVSS: 2.5 CWE: N/A View on NVD
Medium

CVE-2022-21534

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows hig…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21531

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21530

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21529

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21528

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21527

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21526

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21525

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21522

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows h…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2022-21519

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows unauthen…

CVSS: 5.9 CWE: N/A View on NVD
Medium

CVE-2022-21517

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attac…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21515

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerabilit…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21509

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21455

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high…

CVSS: 4.9 CWE: N/A View on NVD
2022-07-18
High

CVE-2022-26117

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below…

CVSS: 8.8 CWE: CWE-521 - Weak Password Requirements View on NVD
2022-06-28
Medium

CVE-2021-3779

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0…

CVSS: 6.5 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
2022-06-16
High

CVE-2022-31626

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the passwor…

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2022-06-09
Medium

CVE-2022-31026

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data fro…

CVSS: 5.9 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
2022-06-06
Critical

CVE-2022-30927

A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vu…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2022-05-24
Low

CVE-2021-4230

A vulnerability has been found in Airfield Online and classified as problematic. This vulnerability affects the path /backups/ of the MySQL backup handler. An attacker is able to get access to sensit…

CVSS: 3.7 CWE: CWE-287 - Improper Authentication View on NVD
2022-04-28
Medium

CVE-2022-28102

A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2022-04-19
Medium

CVE-2022-21490

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and…

CVSS: 6.3 CWE: N/A View on NVD
Medium

CVE-2022-21489

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and…

CVSS: 6.3 CWE: N/A View on NVD
Low

CVE-2022-21486

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and…

CVSS: 2.9 CWE: N/A View on NVD
Low

CVE-2022-21485

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and…

CVSS: 2.9 CWE: N/A View on NVD
Low

CVE-2022-21484

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and…

CVSS: 2.9 CWE: N/A View on NVD
Medium

CVE-2022-21483

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and…

CVSS: 6.3 CWE: N/A View on NVD
Medium

CVE-2022-21482

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high pri…

CVSS: 6.3 CWE: N/A View on NVD
Medium

CVE-2022-21479

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21478

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21462

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21460

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerabil…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2022-21459

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21457

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows un…

CVSS: 5.9 CWE: N/A View on NVD
Medium

CVE-2022-21454

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploit…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-21452

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21451

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allow…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2022-21444

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2022-21440

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21438

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21437

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21436

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21435

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21427

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability al…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21425

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged…

CVSS: 5.5 CWE: N/A View on NVD
Low

CVE-2022-21423

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attac…

CVSS: 2.7 CWE: N/A View on NVD
Medium

CVE-2022-21418

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged att…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2022-21417

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21415

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high pri…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21414

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21413

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21412

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Critical

CVE-2022-27927

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the v…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2022-04-05
High

CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a r…

CVSS: 7.5 CWE: N/A View on NVD
2022-02-01
Medium

CVE-2022-21687

gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or tr…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
2022-01-28
Critical

CVE-2020-25905

An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2021-44249

Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials.

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2022-01-25
High

CVE-2021-46086

xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submi…

CVSS: 7.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2022-01-19
Medium

CVE-2022-21380

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and…

CVSS: 6.3 CWE: N/A View on NVD
Medium

CVE-2022-21379

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability al…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21378

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21374

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows h…

CVSS: 4.9 CWE: N/A View on NVD
Low

CVE-2022-21372

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows…

CVSS: 2.7 CWE: N/A View on NVD
Medium

CVE-2022-21370

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2022-21368

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows…

CVSS: 4.7 CWE: N/A View on NVD
Medium

CVE-2022-21367

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerabil…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21363

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privi…

CVSS: 6.6 CWE: N/A View on NVD
Medium

CVE-2022-21362

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows h…

CVSS: 4.9 CWE: N/A View on NVD