
nimrod-test-repo's Introduction

Nimrod-Test-Repo

2311-3

nimrod-test-repo's People

Contributors

cxflowtestuser, nimrodgolan

nimrod-test-repo's Issues

HIGH 8.8: CVE-2018-3258 in mysql:mysql-connector-java and 5.1.18 @ Nimrod-Test-Repo.master

Description

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

HIGH Vulnerable Package issue exists @ mysql:mysql-connector-java in branch master

Vulnerability ID: CVE-2018-3258

Package Name: mysql:mysql-connector-java

Severity: HIGH

CVSS Score: 8.8

Publish Date: 2018-10-17T01:31:00

Current Package Version: 5.1.18

Remediation Upgrade Recommendation: 8.0.16

Link To SCA

Reference – NVD link

MEDIUM 6.1: CVE-2018-18405 in jquery and 3.2.1 @ Nimrod-Test-Repo.master

Description

** DISPUTED ** jQuery allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be a spam entry.

MEDIUM Vulnerable Package issue exists @ jquery in branch master

Vulnerability ID: CVE-2018-18405

Package Name: jquery

Severity: MEDIUM

CVSS Score: 6.1

Publish Date: 2020-04-22T18:15:00

Current Package Version: 3.2.1

Remediation Upgrade Recommendation: 3.5.1

Link To SCA

Reference – NVD link

MEDIUM 6.3: CVE-2019-2692 in mysql:mysql-connector-java and 5.1.18 @ Nimrod-Test-Repo.master

Description

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

MEDIUM Vulnerable Package issue exists @ mysql:mysql-connector-java in branch master

Vulnerability ID: CVE-2019-2692

Package Name: mysql:mysql-connector-java

Severity: MEDIUM

CVSS Score: 6.3

Publish Date: 2019-04-23T19:32:00

Current Package Version: 5.1.18

Remediation Upgrade Recommendation: 8.0.16

Link To SCA

Reference – NVD link

HIGH 7.5: Cx6f651376-312a in mysql:mysql-connector-java and 5.1.18 @ Nimrod-Test-Repo.master

Description

MySQL Connector/J before version 5.1.44 and 6.x is vulnerable to memory leak. When using cached server-side prepared statements, a memory leak occurred as references to opened statements were being kept while the statements were being decached; it happened when either the close() method has been called twice on a statement, or when there were conflicting cache entries for a statement and the older entry had not been closed and removed from the opened statement list.

HIGH Vulnerable Package issue exists @ mysql:mysql-connector-java in branch master

Vulnerability ID: Cx6f651376-312a

Package Name: mysql:mysql-connector-java

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2017-08-14T23:00:00

Current Package Version: 5.1.18

Remediation Upgrade Recommendation: 8.0.16

Link To SCA

MEDIUM 6.1: CVE-2014-6071 in jquery and 3.2.1 @ Nimrod-Test-Repo.master

Description

jQuery can potentially allow remote attackers to conduct Cross-site scripting (XSS) attacks when using methods such as jQuery(), append() and after(). These methods accept an HTML string and can, by design, execute code. This can be avoided by sanitizing inputs when obtained from untrusted sources.

MEDIUM Vulnerable Package issue exists @ jquery in branch master

Vulnerability ID: CVE-2014-6071

Package Name: jquery

Severity: MEDIUM

CVSS Score: 6.1

Publish Date: 2018-01-16T19:29:00

Current Package Version: 3.2.1

Remediation Upgrade Recommendation: 3.5.1

Link To SCA

Reference – NVD link

MEDIUM 6.1: CVE-2020-11023 in jquery and 3.2.1 @ Nimrod-Test-Repo.master

Description

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

MEDIUM Vulnerable Package issue exists @ jquery in branch master

Vulnerability ID: CVE-2020-11023

Package Name: jquery

Severity: MEDIUM

CVSS Score: 6.1

Publish Date: 2020-04-29T21:15:00

Current Package Version: 3.2.1

Remediation Upgrade Recommendation: 3.5.1

Link To SCA

Reference – NVD link

MEDIUM 3.3: CVE-2017-3589 in mysql:mysql-connector-java and 5.1.18 @ Nimrod-Test-Repo.master

Description

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

MEDIUM Vulnerable Package issue exists @ mysql:mysql-connector-java in branch master

Vulnerability ID: CVE-2017-3589

Package Name: mysql:mysql-connector-java

Severity: MEDIUM

CVSS Score: 3.3

Publish Date: 2017-04-24T19:59:00

Current Package Version: 5.1.18

Remediation Upgrade Recommendation: 8.0.16

Link To SCA

Reference – NVD link

MEDIUM 6.1: CVE-2019-11358 in jquery and 3.2.1 @ Nimrod-Test-Repo.master

Description

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

MEDIUM Vulnerable Package issue exists @ jquery in branch master

Vulnerability ID: CVE-2019-11358

Package Name: jquery

Severity: MEDIUM

CVSS Score: 6.1

Publish Date: 2019-04-20T00:29:00

Current Package Version: 3.2.1

Remediation Upgrade Recommendation: 3.5.1

Link To SCA

Reference – NVD link

HIGH 7.5: Cx7ef609d2-efb5 in mysql:mysql-connector-java and 5.1.18 @ Nimrod-Test-Repo.master

Description

MySQL Connector/J before 5.1.31 is vulnerable to Memory Leak. Upon continuous interruption between the server and the database, the dead connections are accumulated in a map in ProfilerEventHandlerFactory factory and aren't removed from the memory. When the number of database connections reaches a certain number, it causes the application to throw an OutOfMemoryException as the garbage collector fails to collect the dead connections.

HIGH Vulnerable Package issue exists @ mysql:mysql-connector-java in branch master

Vulnerability ID: Cx7ef609d2-efb5

Package Name: mysql:mysql-connector-java

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2010-08-01T23:00:00

Current Package Version: 5.1.18

Remediation Upgrade Recommendation: 8.0.16

Link To SCA

HIGH 8.5: CVE-2017-3523 in mysql:mysql-connector-java and 5.1.18 @ Nimrod-Test-Repo.master

Description

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

HIGH Vulnerable Package issue exists @ mysql:mysql-connector-java in branch master

Vulnerability ID: CVE-2017-3523

Package Name: mysql:mysql-connector-java

Severity: HIGH

CVSS Score: 8.5

Publish Date: 2017-04-24T19:59:00

Current Package Version: 5.1.18

Remediation Upgrade Recommendation: 8.0.16

Link To SCA

Reference – NVD link

HIGH 7.5: Cx039cb67c-ead3 in mysql:mysql-connector-java and 5.1.18 @ Nimrod-Test-Repo.master

Description

MySQL Connector/J before 5.1.37 is vulnerable to Memory Leak. The method CompressedInputStream.getNextPacketFromServer() of src/com/mysql/jdbc/CompressedInputStream.java has high memory and garbage collection usage caused by the consecutive instantiation of a new inflater.

HIGH Vulnerable Package issue exists @ mysql:mysql-connector-java in branch master

Vulnerability ID: Cx039cb67c-ead3

Package Name: mysql:mysql-connector-java

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2015-08-16T23:00:00

Current Package Version: 5.1.18

Remediation Upgrade Recommendation: 8.0.16

Link To SCA

MEDIUM 5.0: CVE-2007-2379 in jquery and 3.2.1 @ Nimrod-Test-Repo.master

Description

The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." The package maintainer disputes the validity of this vulnerability.

MEDIUM Vulnerable Package issue exists @ jquery in branch master

Vulnerability ID: CVE-2007-2379

Package Name: jquery

Severity: MEDIUM

CVSS Score: 5.0

Publish Date: 2007-04-30T23:19:00

Current Package Version: 3.2.1

Remediation Upgrade Recommendation: 3.5.1

Link To SCA

Reference – NVD link

MEDIUM 6.4: CVE-2017-3586 in mysql:mysql-connector-java and 5.1.18 @ Nimrod-Test-Repo.master

Description

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).

MEDIUM Vulnerable Package issue exists @ mysql:mysql-connector-java in branch master

Vulnerability ID: CVE-2017-3586

Package Name: mysql:mysql-connector-java

Severity: MEDIUM

CVSS Score: 6.4

Publish Date: 2017-04-24T19:59:00

Current Package Version: 5.1.18

Remediation Upgrade Recommendation: 8.0.16

Link To SCA

Reference – NVD link

MEDIUM 6.1: CVE-2020-11022 in jquery and 3.2.1 @ Nimrod-Test-Repo.master

Description

In jQuery versions before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

MEDIUM Vulnerable Package issue exists @ jquery in branch master

Vulnerability ID: CVE-2020-11022

Package Name: jquery

Severity: MEDIUM

CVSS Score: 6.1

Publish Date: 2020-04-29T22:15:00

Current Package Version: 3.2.1

Remediation Upgrade Recommendation: 3.5.1

Link To SCA

Reference – NVD link

HIGH 9.1: CVE-2015-2575 in mysql:mysql-connector-java and 5.1.18 @ Nimrod-Test-Repo.master

Description

MySQL Connector/J before 5.1.35 is vulnerable to SQL Injection. The function quoteIdentifier() in the file src/com/mysql/jdbc/StringUtils.java doesn't check if the identifier is correctly quoted and if quotes within are correctly escaped in the given identifier, allowing an attacker to inject malicious queries.

HIGH Vulnerable Package issue exists @ mysql:mysql-connector-java in branch master

Vulnerability ID: CVE-2015-2575

Package Name: mysql:mysql-connector-java

Severity: HIGH

CVSS Score: 9.1

Publish Date: 2014-12-06T00:00:00

Current Package Version: 5.1.18

Remediation Upgrade Recommendation: 8.0.16

Link To SCA

Reference – NVD link
