Mysql enterprise monitor

This hub aggregates every CVE we track for Mysql enterprise monitor, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Mysql enterprise monitor.

• CVE-2022-22968In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectiv...5.3Apr 14, 2022
• CVE-2022-22965A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a W...KEV9.8Apr 1, 2022
• CVE-2022-22963In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression...KEV9.8Apr 1, 2022
• CVE-2021-44533Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relativ...5.3Feb 24, 2022
• CVE-2021-44532Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating ...5.3Feb 24, 2022
• CVE-2021-44531Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22....7.4Feb 24, 2022
• CVE-2022-21824Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object w...8.2Feb 24, 2022
• CVE-2022-23181Local privilege escalation with FileStore7.0Jan 27, 2022
• CVE-2022-23307A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.8.8Jan 18, 2022
• CVE-2022-23305SQL injection in JDBC Appender in Apache Log4j V19.8Jan 18, 2022
• CVE-2022-23302Deserialization of untrusted data in JMSSink in Apache Log4j 1.x8.8Jan 18, 2022
• CVE-2021-45105Apache Log4j2 does not always protect from infinite recursion in lookup evaluation5.9Dec 18, 2021
• CVE-2021-4104Deserialization of untrusted data in JMSAppender in Apache Log4j 1.27.5Dec 14, 2021
• CVE-2021-41184XSS in the `of` option of the `.position()` util6.5Oct 26, 2021
• CVE-2021-41183XSS in `*Text` options of the Datepicker widget6.5Oct 26, 2021