Oracle MySQL Connectors vulnerabilities
17 known vulnerabilities affecting oracle/mysql_connectors.
Total CVEs: 17
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 7, MEDIUM 9
Vulnerabilities
CVE-2025-30706 | HIGH | CVSS 7.5 | CWE-276 | ≥ 9.0.0, ≤ 9.2.0 | 2025-04-15
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MyS
nvd
CVE-2025-30714 | MEDIUM | CVSS 4.8 | CWE-284 | ≥ 9.0.0, ≤ 9.2.0 | 2025-04-15
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person othe
nvd
CVE-2023-21971 | MEDIUM | CVSS 5.3 | ≥ 8.0.0, ≤ 8.0.32 | 2023-04-18
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than
nvd
CVE-2021-44531 | HIGH | CVSS 7.4 | CWE-295 | ≤ 8.0.28 | 2022-02-24
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, N
nvd
CVE-2022-21824 | HIGH | CVSS 8.2 | CWE-471 | ≤ 8.0.28 | 2022-02-24
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an em
nvd
CVE-2021-44533 | MEDIUM | CVSS 5.3 | CWE-295 | ≤ 8.0.28 | 2022-02-24
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allo
nvd
CVE-2021-44532 | MEDIUM | CVSS 5.3 | CWE-296 | ≤ 8.0.28 | 2022-02-24
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass o
nvd
CVE-2022-21363 | MEDIUM | CVSS 6.6 | ≥ 8.0.0, ≤ 8.0.27 | 2022-01-19
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MyS
nvd
CVE-2021-2471 | MEDIUM | CVSS 5.9 | ≥ 8.0.0, ≤ 8.0.26 | 2021-10-20
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized acce
nvd
CVE-2021-3711 | CRITICAL | CVSS 9.8 | CWE-120 | ≤ 8.0.27 | 2021-08-24
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The applicati
nvd
CVE-2021-3712 | HIGH | CVSS 7.4 | CWE-125 | ≤ 8.0.27 | 2021-08-24
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that
nvd
CVE-2021-3450 | HIGH | CVSS 7.4 | CWE-295 | ≤ 8.0.23 | 2021-03-25
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation
nvd
CVE-2021-3449 | MEDIUM | CVSS 5.9 | CWE-476 | ≤ 8.0.23 | 2021-03-25
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a cr
nvd
CVE-2020-1967 | HIGH | CVSS 7.5 | CWE-476 | ≤ 8.0.20 | 2020-04-21
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by
nvd
CVE-2019-10219 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 8.0.27 | 2019-11-08
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
nvd
CVE-2019-2435 | HIGH | CVSS 8.1 | ≥ 2.1.0, ≤ 2.1.8; ≥ 8.0.0, ≤ 8.0.13 | 2019-01-16
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person ot
nvd
CVE-2017-3586 | MEDIUM | CVSS 6.4 | ≤ 5.1.41 | 2017-04-24
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may signif
nvd