From 4a4629f862da6326c6ccb3c4e24522bedab60fa5 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Thu, 23 Jun 2022 14:30:35 +0200 Subject: [PATCH 1/5] Update Vulnerabilities list Indenting mysqltuner Update Usage information --- USAGE.md | 159 ------------------------------------------------------- 1 file changed, 159 deletions(-) diff --git a/USAGE.md b/USAGE.md index 52f7b8a..e69de29 100644 --- a/USAGE.md +++ b/USAGE.md 
@@ -1,159 +0,0 @@ -# NAME - - MySQLTuner 1.9.4 - MySQL High Performance Tuning Script - -# IMPORTANT USAGE GUIDELINES - -To run the script with the default options, run the script without arguments -Allow MySQL server to run for at least 24-48 hours before trusting suggestions -Some routines may require root level privileges (script will provide warnings) -You must provide the remote server's total memory when connecting to other servers - -# CONNECTION AND AUTHENTICATION - - --host Connect to a remote host to perform tests (default: localhost) - --socket Use a different socket for a local connection - --port Port to use for connection (default: 3306) - --protocol tcp Force TCP connection instead of socket - --user Username to use for authentication - --userenv Name of env variable which contains username to use for authentication - --pass Password to use for authentication - --passenv Name of env variable which contains password to use for authentication - --ssl-ca Path to public key - --mysqladmin Path to a custom mysqladmin executable - --mysqlcmd Path to a custom mysql executable - --defaults-file Path to a custom .my.cnf - --server-log Path to explict log file (error_log) - -# PERFORMANCE AND REPORTING OPTIONS - - --skipsize Don't enumerate tables and their types/sizes (default: on) - (Recommended for servers with many tables) - --json Print result as JSON string - --prettyjson Print result as JSON formatted string - --skippassword Don't perform checks on user passwords(default: off) - --checkversion Check for updates to MySQLTuner (default: don't check) - --updateversion Check for updates to MySQLTuner and update when newer version is available (default: don't check) - --forcemem Amount of RAM installed in megabytes - --forceswap Amount of swap memory configured in megabytes - --passwordfile Path to a password file list(one password by line) - --cvefile CVE File for vulnerability checks - --outputfile Path to a output txt file - --reportfile Path to a report 
txt file - --template Path to a template file - -# OUTPUT OPTIONS - - --silent Don't output anything on screen - --verbose Prints out all options (default: no verbose, dbstat, idxstat, sysstat, tbstat, pfstat) - --nocolor Don't print output in color - --nogood Remove OK responses - --nobad Remove negative/suggestion responses - --noinfo Remove informational responses - --debug Print debug information - --noprocess Consider no other process is running - --dbstat Print database information - --nodbstat Don't Print database information - --tbstat Print table information - --notbstat Don't Print table information - --colstat Print column information - --nocolstat Don't Print column information - --idxstat Print index information - --noidxstat Don't Print index information - --sysstat Print system information - --nosysstat Don't Print system information - --pfstat Print Performance schema - --nopfstat Don't Print Performance schema - --bannedports Ports banned separated by comma(,) - --server-log Define specifi error_log to analyze - --maxportallowed Number of ports opened allowed on this hosts - --buffers Print global and per-thread buffer values - -# PERLDOC - -You can find documentation for this module with the perldoc command. - - perldoc mysqltuner - -## INTERNALS - -[https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md) - - Internal documentation - -# AUTHORS - -Major Hayden - major@mhtx.net - -# CONTRIBUTORS - -- Matthew Montgomery -- Paul Kehrer -- Dave Burgess -- Jonathan Hinds -- Mike Jackson -- Nils Breunese -- Shawn Ashlee -- Luuk Vosslamber -- Ville Skytta -- Trent Hornibrook -- Jason Gill -- Mark Imbriaco -- Greg Eden -- Aubin Galinotti -- Giovanni Bechis -- Bill Bradford -- Ryan Novosielski -- Michael Scheidell -- Blair Christensen -- Hans du Plooy -- Victor Trac -- Everett Barnes -- Tom Krouper -- Gary Barrueto -- Simon Greenaway -- Adam Stein -- Isart Montane -- Baptiste M. 
-- Cole Turner -- Major Hayden -- Joe Ashcraft -- Jean-Marie Renouard -- Stephan GroBberndt -- Christian Loos - -# SUPPORT - -Bug reports, feature requests, and downloads at http://mysqltuner.pl/ - -Bug tracker can be found at https://github.com/major/MySQLTuner-perl/issues - -Maintained by Major Hayden (major\\@mhtx.net) - Licensed under GPL - -# SOURCE CODE - -[https://github.com/major/MySQLTuner-perl](https://github.com/major/MySQLTuner-perl) - - git clone https://github.com/major/MySQLTuner-perl.git - -# COPYRIGHT AND LICENSE - -Copyright (C) 2006-2022 Major Hayden - major@mhtx.net - -For the latest updates, please visit http://mysqltuner.pl/ - -Git repository available at https://github.com/major/MySQLTuner-perl - -This program is free software: you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation, either version 3 of the License, or -(at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - See the GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see <https://www.gnu.org/licenses/>. From ba21312e00a02e19497e997586bd6b7633705166 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Thu, 23 Jun 2022 14:31:46 +0200 Subject: [PATCH 2/5] Update Vulnerabilities list Indenting mysqltuner Update Usage information --- mysqltuner.pl | 168 ++++++++++++++++++++++++++++---------------------- 1 file changed, 93 insertions(+), 75 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 96ddaff..f840cff 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl 
@@ -204,10 +204,10 @@ $opt{tbstat} = 0 if ( $opt{notbstat} == 1 ); # Don't Print table information $opt{colstat} = 0 if ( $opt{nocolstat} == 1 ); # Don't Print column information $opt{dbstat} = 0 if ( $opt{nodbstat} == 1 ); # Don't Print database information $opt{noprocess} = 0 - if ( $opt{noprocess} == 1 ); # Don't Print process information + if ( $opt{noprocess} == 1 ); # Don't Print process information $opt{sysstat} = 0 if ( $opt{nosysstat} == 1 ); # Don't Print sysstat information $opt{pfstat} = 0 - if ( $opt{nopfstat} == 1 ); # Don't Print performance schema information + if ( $opt{nopfstat} == 1 ); # Don't Print performance schema information $opt{idxstat} = 0 if ( $opt{noidxstat} == 1 ); # Don't Print index information # for RPM distributions @@ -255,9 +255,9 @@ my @dblist; # Super structure containing all information my %result; -$result{'MySQLTuner'}{'version'} = $tunerversion; -$result{'MySQLTuner'}{'datetime'} =`date '+%d-%m-%Y %H:%M:%S'`; -$result{'MySQLTuner'}{'options'} = \%opt; +$result{'MySQLTuner'}{'version'} = $tunerversion; +$result{'MySQLTuner'}{'datetime'} = `date '+%d-%m-%Y %H:%M:%S'`; +$result{'MySQLTuner'}{'options'} = \%opt; # Functions that handle the print styles sub prettyprint { @@ -594,7 +594,7 @@ sub update_tuner_version { } my $update; - my $fullpath=""; + my $fullpath = ""; my $url = "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/"; my @scripts = ( "mysqltuner.pl", "basic_passwords.txt", "vulnerabilities.csv" ); 
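Review bot: In the first hunk, `$opt{noprocess} = 0 if ( $opt{noprocess} == 1 );` clears the very flag it tests, so `--noprocess` is reset to 0 from this statement onward; every neighbouring line clears a different option instead, as in `$opt{pfstat} = 0 if ( $opt{nopfstat} == 1 )`. If nothing reads the flag before this point (not visible here), the option has no effect, so either remove the statement or assign to the option it was meant to switch off. The trailing comment `# Don't Print process information` also disagrees with the usage text, which describes the option as "Consider no other process is running".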
@@ -607,12 +607,12 @@ sub update_tuner_version { if ( $httpcli =~ /curl$/ ) { debugprint "$httpcli is available."; - $fullpath=dirname(__FILE__)."/".$script; + $fullpath = dirname(__FILE__) . "/" . $script; debugprint "FullPath: $fullpath"; debugprint - "$httpcli --connect-timeout 3 '$url$script' 2>$devnull > $fullpath"; +"$httpcli --connect-timeout 3 '$url$script' 2>$devnull > $fullpath"; $update = - `$httpcli --connect-timeout 3 '$url$script' 2>$devnull > $fullpath`; +`$httpcli --connect-timeout 3 '$url$script' 2>$devnull > $fullpath`; chomp($update); debugprint "$script updated: $update"; @@ -747,7 +747,7 @@ sub mysql_setup { $remotestring = " -S $opt{socket} -P $opt{port}"; } - if ( $opt{protocol} ne '' ){ + if ( $opt{protocol} ne '' ) { $remotestring = " --protocol=$opt{protocol}"; } @@ -1359,7 +1359,8 @@ sub log_file_recommendations { subheaderprint "Log file Recommendations"; if ( "$myvar{'log_error'}" eq "stderr" ) { - badprint "log_error is set to $myvar{'log_error'}, but this script can't read stderr"; + badprint +"log_error is set to $myvar{'log_error'}, but this script can't read stderr"; return; } elsif ( $myvar{'log_error'} =~ /^(docker|podman|kubectl):(.*)/ ) { @@ -1423,7 +1424,7 @@ sub log_file_recommendations { $numLi++; debugprint "$numLi: $logLi" if $logLi =~ /warning|error/i and $logLi !~ /Logging to/; - $nbErrLog++ if $logLi =~ /error/i and $logLi !~ /Logging to/; + $nbErrLog++ if $logLi =~ /error/i and $logLi !~ /Logging to/; $nbWarnLog++ if $logLi =~ /warning/i; push @lastShutdowns, $logLi if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i; 
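Review bot: The curl branch of update_tuner_version writes the download straight over the installed file through a shell redirect (`> $fullpath`), so the target is truncated before curl has fetched anything and a timeout or an HTTP error page leaves an empty or corrupt `mysqltuner.pl`; nothing checks the exit status or the content before the script is replaced. Because stdout is redirected, `$update` is always empty, and `$fullpath` reaches the shell unquoted. Download to a temporary file with `--fail`, check the result and rename only on success, as sketched below; the `chomp($update)` and `debugprint` that follow would then report the exit status instead. No checksum or signature check is visible in the hunk, so a verification step against a published digest is worth adding if the project provides one. The function begins and continues outside the hunk.

```perl
# … unchanged: $fullpath assignment and its debugprint …
my $tmppath = "$fullpath.new";
my $mode    = ( stat $fullpath )[2];    # keep the executable bit of the old copy

# List form: no shell, so the path and URL are passed as single arguments
my $rc = system( $httpcli, '--fail', '--silent', '--connect-timeout', '3',
    '--output', $tmppath, "$url$script" );
if ( $rc == 0 and -s $tmppath ) {
    chmod( $mode & 07777, $tmppath ) if defined $mode;
    rename( $tmppath, $fullpath )
      or badprint "Cannot replace $fullpath: $!";
}
else {
    unlink $tmppath;
    badprint "Download of $script failed, keeping the current copy";
}
# … unchanged: reporting of the update result …
```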
@@ -1945,21 +1946,25 @@ sub security_recommendations { debugprint "Password column = $PASS_COLUMN_NAME"; # IS THERE A ROLE COLUMN - my $is_role_column = select_one "select count(*) from information_schema.columns where TABLE_NAME='user' AND TABLE_SCHEMA='mysql' and COLUMN_NAME='IS_ROLE'"; - - my $extra_user_condition=""; - $extra_user_condition="IS_ROLE = 'N' AND" if $is_role_column > 0; + my $is_role_column = select_one +"select count(*) from information_schema.columns where TABLE_NAME='user' AND TABLE_SCHEMA='mysql' and COLUMN_NAME='IS_ROLE'"; + + my $extra_user_condition = ""; + $extra_user_condition = "IS_ROLE = 'N' AND" if $is_role_column > 0; my @mysqlstatlist; - if ($is_role_column > 0) { - @mysqlstatlist= select_array "SELECT CONCAT(QUOTE(user), '\@', QUOTE(host)) FROM mysql.user WHERE IS_ROLE='Y'"; + if ( $is_role_column > 0 ) { + @mysqlstatlist = select_array +"SELECT CONCAT(QUOTE(user), '\@', QUOTE(host)) FROM mysql.user WHERE IS_ROLE='Y'"; foreach my $line ( sort @mysqlstatlist ) { chomp($line); infoprint "User $line is User Role"; } - } else { - debugprint "No Role user detected"; - goodprint "No Role user detected"; } + else { + debugprint "No Role user detected"; + goodprint "No Role user detected"; + } + # Looking for Anonymous users @mysqlstatlist = select_array "SELECT CONCAT(QUOTE(user), '\@', QUOTE(host)) FROM mysql.user WHERE $extra_user_condition (TRIM(USER) = '' OR USER IS NULL)"; 
@@ -2135,14 +2140,22 @@ sub get_replication_status { infoprint "Semi synchronous replication Master: " . ( - ( defined( $myvar{'rpl_semi_sync_master_enabled'} ) or defined( $myvar{'rpl_semi_sync_source_enabled'} ) ) - ? ( $myvar{'rpl_semi_sync_master_enabled'} // $myvar{'rpl_semi_sync_source_enabled'} ) + ( + defined( $myvar{'rpl_semi_sync_master_enabled'} ) + or defined( $myvar{'rpl_semi_sync_source_enabled'} ) + ) + ? ( $myvar{'rpl_semi_sync_master_enabled'} + // $myvar{'rpl_semi_sync_source_enabled'} ) : 'Not Activated' ); infoprint "Semi synchronous replication Slave: " . ( - ( defined( $myvar{'rpl_semi_sync_slave_enabled'} ) or defined( $myvar{'rpl_semi_sync_replica_enabled'} ) ) - ? ( $myvar{'rpl_semi_sync_slave_enabled'} // $myvar{'rpl_semi_sync_replica_enabled'} ) + ( + defined( $myvar{'rpl_semi_sync_slave_enabled'} ) + or defined( $myvar{'rpl_semi_sync_replica_enabled'} ) + ) + ? ( $myvar{'rpl_semi_sync_slave_enabled'} + // $myvar{'rpl_semi_sync_replica_enabled'} ) : 'Not Activated' ); if ( scalar( keys %myrepl ) == 0 and scalar( keys %myslaves ) == 0 ) { @@ -2156,13 +2169,15 @@ sub get_replication_status { } $result{'Replication'}{'status'} = \%myrepl; - my ($io_running) = $myrepl{'Slave_IO_Running'} // $myrepl{'Replica_IO_Running'}; + my ($io_running) = $myrepl{'Slave_IO_Running'} + // $myrepl{'Replica_IO_Running'}; debugprint "IO RUNNING: $io_running "; - my ($sql_running) = $myrepl{'Slave_SQL_Running'} // $myrepl{'Replica_SQL_Running'}; + my ($sql_running) = $myrepl{'Slave_SQL_Running'} + // $myrepl{'Replica_SQL_Running'}; debugprint "SQL RUNNING: $sql_running "; - - my ($seconds_behind_master) = $myrepl{'Seconds_Behind_Master'} // $myrepl{'Seconds_Behind_Source'} ; + my ($seconds_behind_master) = $myrepl{'Seconds_Behind_Master'} + // $myrepl{'Seconds_Behind_Source'}; $seconds_behind_master = 1000000 unless defined($seconds_behind_master); debugprint "SECONDS : $seconds_behind_master "; 
@@ -2173,7 +2188,7 @@ sub get_replication_status { "This replication slave is not running but seems to be configured."; } if ( defined($io_running) - && $io_running =~ /yes/i + && $io_running =~ /yes/i && $sql_running =~ /yes/i ) { if ( $myvar{'read_only'} eq 'OFF' ) { @@ -2209,19 +2224,21 @@ sub validate_mysql_version { or mysql_version_eq( 10, 5 ) or mysql_version_eq( 10, 6 ) or mysql_version_eq( 10, 7 ) - or mysql_version_eq( 10, 8 ) - ) + or mysql_version_eq( 10, 8 ) ) { goodprint "Currently running supported MySQL version " . $myvar{'version'} . ""; return; - } else { + } + else { badprint "Your MySQL version " . $myvar{'version'} . " is EOL software! Upgrade soon!"; - push ( @generalrec, "You are using n unsupported version for production environments"); - push ( @generalrec, "Upgrade as soon as possible to a supported version !"); - + push( @generalrec, + "You are using n unsupported version for production environments" ); + push( @generalrec, + "Upgrade as soon as possible to a supported version !" ); + } } 
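Review bot: The EOL branch of validate_mysql_version pushes `"You are using n unsupported version for production environments"`, where "n" should read "an", and `"Upgrade as soon as possible to a supported version !"` carries a stray space before the exclamation mark; both strings end up in the recommendations shown to the operator. The supported releases are a hard-coded chain of `mysql_version_eq( 10, 8 )` style tests, so a release missing from the chain falls into the branch that prints "is EOL software". A short comment above the chain, saying where the list comes from and when it was last reviewed, would make that maintenance step visible. The function starts outside the hunk.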
@@ -3188,15 +3205,18 @@ sub mysql_stats { infoprint "Skipped name resolution test due to missing skip_name_resolve in system variables."; } + #Cpanel and Skip name resolve - elsif ( -r "/usr/local/cpanel/cpanel" ){ - if ( $result{'Variables'}{'skip_name_resolve'} ne 'OFF') { + elsif ( -r "/usr/local/cpanel/cpanel" ) { + if ( $result{'Variables'}{'skip_name_resolve'} ne 'OFF' ) { infoprint "CPanel and Flex system skip-name-resolve should be on"; } - if ( $result{'Variables'}{'skip_name_resolve'} eq 'OFF') { + if ( $result{'Variables'}{'skip_name_resolve'} eq 'OFF' ) { badprint "CPanel and Flex system skip-name-resolve should be on"; - push (@generalrec, "name resolution is enabled due to cPanel doesn't support this disabled."); - push (@adjvars, "skip-name-resolve=0"); + push( @generalrec, +"name resolution is enabled due to cPanel doesn't support this disabled." + ); + push( @adjvars, "skip-name-resolve=0" ); } } elsif ( $result{'Variables'}{'skip_name_resolve'} eq 'OFF' ) { @@ -3205,7 +3225,7 @@ sub mysql_stats { push( @generalrec, "Configure your accounts with ip or subnets only, then update your configuration with skip-name-resolve=1" ); - push (@adjvars, "skip-name-resolve=1"); + push( @adjvars, "skip-name-resolve=1" ); } # Query cache 
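Review bot: The cPanel branch gives contradictory advice: when `skip_name_resolve` is `'OFF'` it prints `badprint "CPanel and Flex system skip-name-resolve should be on"` and then pushes `"skip-name-resolve=0"` into `@adjvars`, which is the value the server already has. When the variable is not `'OFF'`, the `infoprint` says it "should be on" although it already is. The pushed text "name resolution is enabled due to cPanel doesn't support this disabled." suggests the intent is that cPanel hosts must keep name resolution enabled, but that is an inference. Decide which direction is meant, make the three strings agree, and turn the two independent `if` tests into one `if`/`else`. mysql_stats starts and continues outside the hunk.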
@@ -3620,15 +3640,15 @@ sub mysql_myisam { subheaderprint "MyISAM Metrics"; if ( mysql_version_ge(8) and mysql_version_le(10) ) { infoprint "MyISAM Metrics are disabled on last MySQL versions."; - if ( $myvar{'key_buffer_size'} > 0) { + if ( $myvar{'key_buffer_size'} > 0 ) { push( @adjvars, "key_buffer_size=0" ); - push( @generalrec, "Buffer Key MyISAM set to 0, no MyISAM table detected" ); + push( @generalrec, + "Buffer Key MyISAM set to 0, no MyISAM table detected" ); } return; } - my $nb_myisam_tables=select_one( -"SELECT COUNT(*) FROM information_schema.TABLES WHERE ENGINE='MyISAM'" - ); + my $nb_myisam_tables = select_one( + "SELECT COUNT(*) FROM information_schema.TABLES WHERE ENGINE='MyISAM'"); if ( $nb_myisam_tables == 0 ) { infoprint "No MyISAM table(s) detected ...."; return; @@ -3858,13 +3878,12 @@ sub mysqsl_pfs { # Performance Schema $myvar{'performance_schema'} = 'OFF' unless defined( $myvar{'performance_schema'} ); - if ($myvar{'performance_schema'} eq 'OFF') { + if ( $myvar{'performance_schema'} eq 'OFF' ) { badprint "Performance_schema should be activated."; push( @adjvars, "performance_schema=ON" ); push( @generalrec, - "Performance schema should be activated for better diagnostics" - ); - } + "Performance schema should be activated for better diagnostics" ); + } if ( $myvar{'performance_schema'} eq 'ON' ) { infoprint "Performance_schema is activated."; debugprint "Performance schema is " . $myvar{'performance_schema'}; @@ -3888,9 +3907,9 @@ sub mysqsl_pfs { infoprint "Sys schema Version: " . select_one("select sys_version from sys.version"); - # Store all sys schema +# Store all sys schema # for my $pfs_view(select_array('use sys;show tables;')){ - #infoprint "$pfs_view" +#infoprint "$pfs_view" # @$result{'sys'}{$pfs_view}{'headers'}=[]; # for my $h (select_array("select column_name FROM INFORMATION_SCHEMA.COLUMNS c # WHERE c.table_name = '$pfs_view' ORDER BY c.ORDINAL_POSITION")) { 
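Review bot: In mysql_myisam, the branch for `mysql_version_ge(8) and mysql_version_le(10)` pushes "Buffer Key MyISAM set to 0, no MyISAM table detected" and returns before the `SELECT COUNT(*) ... ENGINE='MyISAM'` query runs, so the text claims a detection that has not happened on that path. If MyISAM tables can exist on those versions, `key_buffer_size=0` would be advised for a server that still uses the key buffer. Moving the `$nb_myisam_tables` query above the version test and adding `and $nb_myisam_tables == 0` to the `key_buffer_size` condition would make the message true. The function continues outside the hunk.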
@@ -3902,7 +3921,7 @@ sub mysqsl_pfs { # push $result{'sys'}{$pfs_view}{'values'}, $lQuery; # } # } - # Top user per connection +# Top user per connection subheaderprint "Performance schema: Top 5 user per connection"; my $nbL = 1; for my $lQuery ( @@ -6669,7 +6688,7 @@ sub mysql_triggers() { # Take the two recommendation arrays and display them at the end of the output sub make_recommendations { - $result{'Recommendations'} = \@generalrec; + $result{'Recommendations'} = \@generalrec; $result{'AdjustVariables'} = \@adjvars; subheaderprint "Recommendations"; if ( @generalrec > 0 ) { @@ -6695,8 +6714,7 @@ sub close_outputfile { } sub headerprint { - prettyprint - " >> MySQLTuner $tunerversion\n" + prettyprint " >> MySQLTuner $tunerversion\n" . "\t * Jean-Marie Renouard \n" . "\t * Major Hayden \n" . " >> Bug reports, feature requests, and downloads at http://mysqltuner.pl/\n" 
@@ -6847,25 +6865,25 @@ system_recommendations; # avoid to many service on the same host log_file_recommendations; # check log file content check_storage_engines; # Show enabled storage engines -check_metadata_perf; # Show parameter impacting performance during analysis -mysql_databases; # Show informations about databases -mysql_tables; # Show informations about table column +check_metadata_perf; # Show parameter impacting performance during analysis +mysql_databases; # Show informations about databases +mysql_tables; # Show informations about table column -mysql_indexes; # Show informations about indexes -mysql_views; # Show informations about views -mysql_triggers; # Show informations about triggers -mysql_routines; # Show informations about routines -security_recommendations; # Display some security recommendations -cve_recommendations; # Display related CVE -calculations; # Calculate everything we need -mysql_stats; # Print the server stats -mysqsl_pfs; # Print Performance schema info -mariadb_threadpool; # Print MariaDB ThreadPool stats -mysql_myisam; # Print MyISAM stats -mysql_innodb; # Print InnoDB stats -mariadb_aria; # Print MariaDB Aria stats -mariadb_tokudb; # Print MariaDB Tokudb stats -mariadb_xtradb; # Print MariaDB XtraDB stats +mysql_indexes; # Show informations about indexes +mysql_views; # Show informations about views +mysql_triggers; # Show informations about triggers +mysql_routines; # Show informations about routines +security_recommendations; # Display some security recommendations +cve_recommendations; # Display related CVE +calculations; # Calculate everything we need +mysql_stats; # Print the server stats +mysqsl_pfs; # Print Performance schema info +mariadb_threadpool; # Print MariaDB ThreadPool stats +mysql_myisam; # Print MyISAM stats +mysql_innodb; # Print InnoDB stats +mariadb_aria; # Print MariaDB Aria stats +mariadb_tokudb; # Print MariaDB Tokudb stats +mariadb_xtradb; # Print MariaDB XtraDB stats #mariadb_rockdb; # Print MariaDB 
RockDB stats #mariadb_spider; # Print MariaDB Spider stats From c1cace575e9c3eb3b538336b802b811e4b7c3468 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Thu, 23 Jun 2022 14:34:24 +0200 Subject: [PATCH 3/5] Update Vulnerabilities list Indenting mysqltuner Update Usage information --- USAGE.md | 159 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) diff --git a/USAGE.md b/USAGE.md index e69de29..7d1567b 100644 --- a/USAGE.md +++ b/USAGE.md 
@@ -0,0 +1,159 @@ +# NAME + + MySQLTuner 2.0.4 - MySQL High Performance Tuning Script + +# IMPORTANT USAGE GUIDELINES + +To run the script with the default options, run the script without arguments +Allow MySQL server to run for at least 24-48 hours before trusting suggestions +Some routines may require root level privileges (script will provide warnings) +You must provide the remote server's total memory when connecting to other servers + +# CONNECTION AND AUTHENTICATION + + --host Connect to a remote host to perform tests (default: localhost) + --socket Use a different socket for a local connection + --port Port to use for connection (default: 3306) + --protocol tcp Force TCP connection instead of socket + --user Username to use for authentication + --userenv Name of env variable which contains username to use for authentication + --pass Password to use for authentication + --passenv Name of env variable which contains password to use for authentication + --ssl-ca Path to public key + --mysqladmin Path to a custom mysqladmin executable + --mysqlcmd Path to a custom mysql executable + --defaults-file Path to a custom .my.cnf + --server-log Path to explict log file (error_log) + +# PERFORMANCE AND REPORTING OPTIONS + + --skipsize Don't enumerate tables and their types/sizes (default: on) + (Recommended for servers with many tables) + --json Print result as JSON string + --prettyjson Print result as JSON formatted string + --skippassword Don't perform checks on user passwords(default: off) + --checkversion Check for updates to MySQLTuner (default: don't check) + --updateversion Check for updates to MySQLTuner and update when newer version is available (default: don't check) + --forcemem Amount of RAM installed in megabytes + --forceswap Amount of swap memory configured in megabytes + --passwordfile Path to a password file list(one password by line) + --cvefile CVE File for vulnerability checks + --outputfile Path to a output txt file + --reportfile Path to a report 
txt file + --template Path to a template file + +# OUTPUT OPTIONS + + --silent Don't output anything on screen + --verbose Prints out all options (default: no verbose, dbstat, idxstat, sysstat, tbstat, pfstat) + --nocolor Don't print output in color + --nogood Remove OK responses + --nobad Remove negative/suggestion responses + --noinfo Remove informational responses + --debug Print debug information + --noprocess Consider no other process is running + --dbstat Print database information + --nodbstat Don't Print database information + --tbstat Print table information + --notbstat Don't Print table information + --colstat Print column information + --nocolstat Don't Print column information + --idxstat Print index information + --noidxstat Don't Print index information + --sysstat Print system information + --nosysstat Don't Print system information + --pfstat Print Performance schema + --nopfstat Don't Print Performance schema + --bannedports Ports banned separated by comma(,) + --server-log Define specifi error_log to analyze + --maxportallowed Number of ports opened allowed on this hosts + --buffers Print global and per-thread buffer values + +# PERLDOC + +You can find documentation for this module with the perldoc command. + + perldoc mysqltuner + +## INTERNALS + +[https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md) + + Internal documentation + +# AUTHORS + +Major Hayden - major@mhtx.net + +# CONTRIBUTORS + +- Matthew Montgomery +- Paul Kehrer +- Dave Burgess +- Jonathan Hinds +- Mike Jackson +- Nils Breunese +- Shawn Ashlee +- Luuk Vosslamber +- Ville Skytta +- Trent Hornibrook +- Jason Gill +- Mark Imbriaco +- Greg Eden +- Aubin Galinotti +- Giovanni Bechis +- Bill Bradford +- Ryan Novosielski +- Michael Scheidell +- Blair Christensen +- Hans du Plooy +- Victor Trac +- Everett Barnes +- Tom Krouper +- Gary Barrueto +- Simon Greenaway +- Adam Stein +- Isart Montane +- Baptiste M. 
+- Cole Turner +- Major Hayden +- Joe Ashcraft +- Jean-Marie Renouard +- Stephan GroBberndt +- Christian Loos + +# SUPPORT + +Bug reports, feature requests, and downloads at http://mysqltuner.pl/ + +Bug tracker can be found at https://github.com/major/MySQLTuner-perl/issues + +Maintained by Major Hayden (major\\@mhtx.net) - Licensed under GPL + +# SOURCE CODE + +[https://github.com/major/MySQLTuner-perl](https://github.com/major/MySQLTuner-perl) + + git clone https://github.com/major/MySQLTuner-perl.git + +# COPYRIGHT AND LICENSE + +Copyright (C) 2006-2022 Major Hayden - major@mhtx.net + +For the latest updates, please visit http://mysqltuner.pl/ + +Git repository available at https://github.com/major/MySQLTuner-perl + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + + See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see <https://www.gnu.org/licenses/>. From 464e6328343f80b42f9a732f0939da1e9677abef Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Thu, 23 Jun 2022 14:42:26 +0200 Subject: [PATCH 4/5] Update Vulnerabilities list Indenting mysqltuner Update Usage information --- vulnerabilities.csv | 203 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 200 insertions(+), 3 deletions(-) diff --git a/vulnerabilities.csv b/vulnerabilities.csv index 1596eae..33b541e 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv 
@@ -940,9 +940,9 @@ 0.37.12;0;37;12;CVE-2018-6617;Candidate;"Easy Hosting Control Panel (EHCP) v0.37.12.b; when using a local MySQL server; allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.";"MISC:http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt | MISC:http://packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html";Assigned (20180204);"None (candidate not yet proposed)";"" 18.3.4;18;3;4;CVE-2019-1010259;Candidate;"SaltStack Salt 2018.3; 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.";"MISC:https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a | MISC:https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534 | MISC:https://github.com/saltstack/salt/pull/51462";Assigned (20190320);"None (candidate not yet proposed)";"" 9.0.1;9;0;1;CVE-2019-11200;Candidate;"Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However; the application performs insufficient checks on the export parameters to mysqldump; which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)";"MISC:https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities";Assigned (20190411);"None (candidate not yet proposed)";"" -2.9.8;2;9;8;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | 
MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security 
vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | 
URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" -8.0.13;8;0;13;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | 
URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | 
URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | 
REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" -8.4.0;8;4;0;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. 
This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | 
MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | 
MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" +2.9.8;2;9;8;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 
2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | 
MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | 
MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | 
REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" +8.0.13;8;0;13;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | 
MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | 
URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 
| REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" +8.4.0;8;4;0;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. 
This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | 
MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | 
URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet 
proposed)";"" 5.6.44;5;6;44;CVE-2019-12301;Candidate;"The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.";"MISC:https://jira.percona.com/browse/PS-5640 | MISC:https://www.percona.com/blog/2019/05/17/percona-server-for-mysql-5-6-44-85-0-is-now-available/";Assigned (20190523);"None (candidate not yet proposed)";"" 5.4.0;5;4;0;CVE-2019-15635;Candidate;"An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g.; MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the ""Save and test"" button within a data source's settings menu. When watching the transaction with Burp Proxy; the password for the data source is revealed and sent to the server. From a browser; a prompt to save the credentials is generated; and the password can be revealed by simply checking the ""Show password"" box.";"CONFIRM:https://security.netapp.com/advisory/ntap-20191009-0002/ | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/167244";Assigned (20190826);"None (candidate not yet proposed)";"" 65.0.0;65;0;0;CVE-2019-16065;Candidate;"A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server; expose database tables and values; and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.";"MISC:https://www.mogozobo.com/?p=3647";Assigned (20190906);"None (candidate not yet proposed)";"" 
@@ -1441,15 +1441,66 @@ 8.0.23;8;0;23;CVE-2021-2301;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2304;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2305;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +15.1.2;15;1;2;CVE-2021-23053;Candidate;"On version 15.1.x before 15.1.3; 14.1.x before 14.1.3.1; and 13.1.x before 13.1.3.6; when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack; the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.";"MISC:https://support.f5.com/csp/article/K36942191 | URL:https://support.f5.com/csp/article/K36942191";Assigned (20210106);"None (candidate not yet proposed)";"" +14.1.2;14;1;2;CVE-2021-23053;Candidate;"On version 15.1.x before 15.1.3; 14.1.x before 14.1.3.1; and 13.1.x before 13.1.3.6; when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack; the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. 
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.";"MISC:https://support.f5.com/csp/article/K36942191 | URL:https://support.f5.com/csp/article/K36942191";Assigned (20210106);"None (candidate not yet proposed)";"" +13.1.2;13;1;2;CVE-2021-23053;Candidate;"On version 15.1.x before 15.1.3; 14.1.x before 14.1.3.1; and 13.1.x before 13.1.3.6; when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack; the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.";"MISC:https://support.f5.com/csp/article/K36942191 | URL:https://support.f5.com/csp/article/K36942191";Assigned (20210106);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2307;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2307;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2308;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2339;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2340;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2342;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2342;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2352;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2354;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2356;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). 
Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2356;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2357;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2367;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2370;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2372;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2372;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2374;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2383;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2384;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2385;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2385;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2387;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2389;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-880/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2389;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-880/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2390;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-881/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2390;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-881/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2399;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2402;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2410;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2021-2412;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2417;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2418;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2422;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2424;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2425;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2426;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2427;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2429;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-889/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2437;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2440;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2441;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2444;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-2478;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-2479;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-2481;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 0.20.2;0;20;2;CVE-2021-26919;Candidate;"Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. 
This issue was addressed in Apache Druid 0.20.2";"MISC:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | URL:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | MLIST:[druid-commits] 20210401 [GitHub] [druid] jihoonson merged pull request #11047: Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/re0910cf4c784897774427fecd95912fb565a6bd06d924a55e70bbbfc@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson merged pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r6bc68264170046448f823d12c17fd1fd875251d97d60869f58709872@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson opened a new pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864@%3Ccommits.druid.apache.org%3E | MLIST:[druid-dev] 20210331 Regarding the 0.21.0 release | URL:https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210401 Re: Subject: [CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems | URL:https://lists.apache.org/thread.html/re4c5deb0aae4bace69844d15c9fd1699e907ebfee93bc3926474d110@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Regarding the CVSS score for CVE-2021-26919 | 
URL:https://lists.apache.org/thread.html/ra85fa7d31f9bec1148ffd2e4030934927caa8bff89bca9f61f75e697@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210414 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/rf3ea2a4018e87e6c45d36cf8479af7727dcc276edabd2f7cf59e0c5f@%3Cdev.druid.apache.org%3E";Assigned (20210209);"None (candidate not yet proposed)";"" 0.21.0;0;21;0;CVE-2021-26919;Candidate;"Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2";"MISC:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | URL:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | MLIST:[druid-commits] 20210401 [GitHub] [druid] jihoonson merged pull request #11047: Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/re0910cf4c784897774427fecd95912fb565a6bd06d924a55e70bbbfc@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson merged pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r6bc68264170046448f823d12c17fd1fd875251d97d60869f58709872@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson opened a new pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | 
URL:https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864@%3Ccommits.druid.apache.org%3E | MLIST:[druid-dev] 20210331 Regarding the 0.21.0 release | URL:https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210401 Re: Subject: [CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems | URL:https://lists.apache.org/thread.html/re4c5deb0aae4bace69844d15c9fd1699e907ebfee93bc3926474d110@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/ra85fa7d31f9bec1148ffd2e4030934927caa8bff89bca9f61f75e697@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210414 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/rf3ea2a4018e87e6c45d36cf8479af7727dcc276edabd2f7cf59e0c5f@%3Cdev.druid.apache.org%3E";Assigned (20210209);"None (candidate not yet proposed)";"" 10.2.36;10;2;36;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. 
NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 10.3.27;10;3;27;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. 
NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 10.4.17;10;4;17;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. 
NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 10.5.8;10;5;8;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. 
NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" +3.9.6;3;9;6;CVE-2021-29004;Candidate;"rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig; an attacker may successfully upload a webshell to the server and access it remotely.";"MISC:http://rconfig.com | MISC:https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt | MISC:https://github.com/mrojz/rconfig-exploit/blob/main/README.md | MISC:https://rconfig.com";Assigned (20210322);"None (candidate not yet proposed)";"" +2.11.10;2;11;10;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. 
IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" +2.12.0;2;12;0;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. 
ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" +2.12.4;2;12;4;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. 
An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" +2.8.0;2;8;0;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. 
An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" +2.12.5;2;12;5;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. 
An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" 19.0.5;19;0;5;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 11.0.5;11;0;5;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 19.1.4;19;1;4;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 
@@ -1462,3 +1513,149 @@ 12.1.3;12;1;3;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 21.0.0;21;0;0;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 13.0.0;13;0;0;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-35537;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35546;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35575;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35577;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-35583;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35591;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35596;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35602;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +5.7.35;5;7;35;CVE-2021-35604;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35604;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35607;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35608;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35610;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35612;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35622;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.26 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35623;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +5.7.35;5;7;35;CVE-2021-35624;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data. 
CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35624;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35625;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35626;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35627;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35628;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-35629;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35630;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35631;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35632;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35633;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35634;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35635;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35636;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35637;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35638;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35639;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35640;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35641;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35642;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35643;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35644;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35645;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35646;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35647;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35648;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +2.6.6;2;6;6;CVE-2021-36774;Candidate;"Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. 
This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.";"MISC:https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | URL:https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | MLIST:[oss-security] 20220106 CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE | URL:http://www.openwall.com/lists/oss-security/2022/01/06/5";Assigned (20210719);"None (candidate not yet proposed)";"" +3.1.2;3;1;2;CVE-2021-36774;Candidate;"Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.";"MISC:https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | URL:https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | MLIST:[oss-security] 20220106 CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE | URL:http://www.openwall.com/lists/oss-security/2022/01/06/5";Assigned (20210719);"None (candidate not yet proposed)";"" +21.0.2;21;0;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +13.0.2;13;0;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +19.0.6;19;0;6;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +11.0.6;11;0;6;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +19.1.5;19;1;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +11.1.5;11;1;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +19.2.2;19;2;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +11.2.2;11;2;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +20.0.5;20;0;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +12.0.5;12;0;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +20.1.4;20;1;4;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +12.1.4;12;1;4;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +21.0.3;21;0;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +13.0.3;13;0;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +19.0.7;19;0;7;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +11.0.7;11;0;7;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +19.1.6;19;1;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +11.1.6;11;1;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +19.2.3;19;2;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +11.2.3;11;2;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +20.0.6;20;0;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +12.0.6;12;0;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +20.1.5;20;1;5;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +12.1.5;12;1;5;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +1.12.0;1;12;0;CVE-2021-43008;Candidate;"Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.";"MISC:https://github.com/vrana/adminer/releases/tag/v4.6.3 | MISC:https://podalirius.net/en/cves/2021-43008/ | MISC:https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | MISC:https://www.adminer.org/ | MLIST:[debian-lts-announce] 20220513 [SECURITY] [DLA 3002-1] adminer security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html";Assigned (20211025);"None (candidate not yet proposed)";"" +4.6.2;4;6;2;CVE-2021-43008;Candidate;"Improper Access 
Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.";"MISC:https://github.com/vrana/adminer/releases/tag/v4.6.3 | MISC:https://podalirius.net/en/cves/2021-43008/ | MISC:https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | MISC:https://www.adminer.org/ | MLIST:[debian-lts-announce] 20220513 [SECURITY] [DLA 3002-1] adminer security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html";Assigned (20211025);"None (candidate not yet proposed)";"" +4.6.3;4;6;3;CVE-2021-43008;Candidate;"Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.";"MISC:https://github.com/vrana/adminer/releases/tag/v4.6.3 | MISC:https://podalirius.net/en/cves/2021-43008/ | MISC:https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | MISC:https://www.adminer.org/ | MLIST:[debian-lts-announce] 20220513 [SECURITY] [DLA 3002-1] adminer security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html";Assigned (20211025);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21245;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21245;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21249;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). 
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21253;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21254;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21256;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). 
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21264;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21265;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21270;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21270;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). 
Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2022-21278;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2022-21297;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21301;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21302;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21303;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). 
Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21303;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21304;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21304;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). 
Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21339;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21342;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21344;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21344;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21348;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21351;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2022-21352;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21358;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21362;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21367;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21367;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21368;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21370;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21372;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21374;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21378;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21379;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21412;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21413;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21414;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21415;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.37;5;7;37;CVE-2022-21417;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21417;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21418;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21423;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21425;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.37;5;7;37;CVE-2022-21427;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21427;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21435;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21436;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21437;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21438;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21440;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.37;5;7;37;CVE-2022-21444;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21444;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.37;5;7;37;CVE-2022-21451;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21451;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21452;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.37;5;7;37;CVE-2022-21454;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21454;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21457;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21459;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.37;5;7;37;CVE-2022-21460;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21460;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21462;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21478;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21479;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +1.1.3;1;1;3;CVE-2022-21687;Candidate;"gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost; plus network access from host running gh-ost to the attack's malicious MySQL server. The `-database` parameter does not properly sanitize user input which can lead to arbitrary file reads.";"CONFIRM:https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29 | URL:https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29 | MISC:https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f | URL:https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f";Assigned (20211116);"None (candidate not yet proposed)";"" +10.6.5;10;6;5;CVE-2022-27376;Candidate;"MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg; which is exploited via specially crafted SQL statements.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220519-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-26354";Assigned (20220321);"None (candidate not yet proposed)";"" +10.6.3;10;6;3;CVE-2022-27377;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(); which is exploited via specially crafted SQL statements.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-26281";Assigned (20220321);"None (candidate not yet 
proposed)";"" +10.6.2;10;6;2;CVE-2022-27379;Candidate;"An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0005/ | MISC:https://jira.mariadb.org/browse/MDEV-26353";Assigned (20220321);"None (candidate not yet proposed)";"" +10.6.3;10;6;3;CVE-2022-27380;Candidate;"An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-26280";Assigned (20220321);"None (candidate not yet proposed)";"" +10.6.3;10;6;3;CVE-2022-27455;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28097";Assigned (20220321);"None (candidate not yet proposed)";"" +10.6.3;10;6;3;CVE-2022-27456;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28093";Assigned (20220321);"None (candidate not yet proposed)";"" +10.6.3;10;6;3;CVE-2022-27457;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28098";Assigned (20220321);"None (candidate not yet proposed)";"" +10.6.3;10;6;3;CVE-2022-27458;Candidate;"MariaDB Server v10.6.3 and below was discovered to 
contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28099";Assigned (20220321);"None (candidate not yet proposed)";"" +2.1.1;2;1;1;CVE-2022-31026;Candidate;"Trilogy is a client library for MySQL. When authenticating; a malicious server could return a specially crafted authentication packet; causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers.";"CONFIRM:https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm | URL:https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm | MISC:https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962 | URL:https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962";Assigned (20220518);"None (candidate not yet proposed)";"" From 3bc7b6a34b26c87b51af5511d04974a9d8ef32c8 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Thu, 30 Jun 2022 14:46:54 +0200 Subject: [PATCH 5/5] Version 2.0.5 [Patch] Legibility and typos, mark 3 #602 --- USAGE.md | 10 +-- mysqltuner.pl | 185 +++++++++++++++++++++++++------------------------- 2 files changed, 96 insertions(+), 99 deletions(-) diff --git a/USAGE.md b/USAGE.md index 7d1567b..9dd7353 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,6 +1,6 @@ # NAME - MySQLTuner 2.0.4 - MySQL High Performance Tuning Script + MySQLTuner2.0.5 - MySQL High Performance Tuning Script # IMPORTANT USAGE GUIDELINES 
@@ -31,7 +31,7 @@ You must provide the remote server's total memory when connecting to other serve (Recommended for servers with many tables) --json Print result as JSON string --prettyjson Print result as JSON formatted string - --skippassword Don't perform checks on user passwords(default: off) + --skippassword Don't perform checks on user passwords (default: off) --checkversion Check for updates to MySQLTuner (default: don't check) --updateversion Check for updates to MySQLTuner and update when newer version is available (default: don't check) --forcemem Amount of RAM installed in megabytes @@ -64,9 +64,9 @@ You must provide the remote server's total memory when connecting to other serve --nosysstat Don't Print system information --pfstat Print Performance schema --nopfstat Don't Print Performance schema - --bannedports Ports banned separated by comma(,) - --server-log Define specifi error_log to analyze - --maxportallowed Number of ports opened allowed on this hosts + --bannedports Ports banned separated by comma (,) + --server-log Define specific error_log to analyze + --maxportallowed Number of ports opened allowed on this host --buffers Print global and per-thread buffer values # PERLDOC diff --git a/mysqltuner.pl b/mysqltuner.pl index f840cff..5a8e91d 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 2.0.4 +# mysqltuner.pl - Version2.0.5 # High Performance MySQL Tuning Script # Copyright (C) 2006-2022 Major Hayden - major@mhtx.net # Copyright (C) 2015-2022 Jean-Marie Renouard - jmrenouard@gmail.com @@ -655,7 +655,7 @@ sub update_tuner_version { else { badprint "Couldn't update MySQLTuner script"; } - infoprint "Stopping program: MySQLTuner has be updated."; + infoprint "Stopping program: MySQLTuner script must be updated first."; exit 0; } 
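Review bot: In the `@@ -655` hunk of `update_tuner_version`, the `else` branch reports "Couldn't update MySQLTuner script" and control then reaches `exit 0;`, so a failed self-update ends with a success status and a cron job or wrapper cannot tell it from a completed one. The reworded `infoprint` ("must be updated first") is printed on every path that gets here, which presumably reads wrongly after the success branch that sits above the hunk. Record the failure next to the `badprint` and exit non-zero, e.g. `exit( $update_failed ? 1 : 0 );`, where `$update_failed` is a constructed name for that flag. The function starts outside the hunk.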
@@ -666,11 +666,11 @@ sub compare_tuner_version { #exit 0; if ( $remoteversion ne $tunerversion ) { badprint - "There is a new version of MySQLTuner available($remoteversion)"; + "There is a new version of MySQLTuner available ($remoteversion)"; update_tuner_version(); return; } - goodprint "You have the latest version of MySQLTuner($tunerversion)"; + goodprint "You have the latest version of MySQLTuner ($tunerversion)"; return; } @@ -681,7 +681,7 @@ my $osname = $^O; if ( $osname eq 'MSWin32' ) { eval { require Win32; } or last; $osname = Win32::GetOSName(); - infoprint "* Windows OS($osname) is not fully supported.\n"; + infoprint "* Windows OS ($osname) is not fully supported.\n"; #exit 1; } @@ -1174,7 +1174,7 @@ sub get_all_vars { $dummyselect = select_one "SELECT VERSION()"; if ( not defined($dummyselect) or $dummyselect eq "" ) { badprint -"You probably did not get enough privileges for running MySQLTuner ..."; +"You probably do not have enough privileges to run MySQLTuner ..."; exit(256); } $dummyselect =~ s/(.*?)\-.*/$1/; @@ -1514,7 +1514,7 @@ sub cve_recommendations { if ( $mysqlvermajor eq 5 and $mysqlverminor eq 5 ) { infoprint "False positive CVE(s) for MySQL and MariaDB 5.5.x can be found."; - infoprint "Check careful each CVE for those particular versions"; + infoprint "Check carefully each CVE for those particular versions"; } badprint $cvefound . " CVE(s) found for your MySQL release."; push( @generalrec, @@ -1874,7 +1874,7 @@ sub system_recommendations { . scalar @opened_ports . " listening port(s) on this server."; if ( scalar(@opened_ports) > $opt{'maxportallowed'} ) { - badprint "There is too many listening ports: " + badprint "There are too many listening ports: " . scalar(@opened_ports) . " opened > " . $opt{'maxportallowed'} @@ -1884,7 +1884,7 @@ sub system_recommendations { ); } else { - goodprint "There is less than " + goodprint "There are less than " . $opt{'maxportallowed'} . " opened ports on this server."; } 
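Review bot: `compare_tuner_version` in the `@@ -666` hunk still decides with `$remoteversion ne $tunerversion`, so any differing string (an older release, an empty value, a fragment of an error page) is announced as a new version and handed to `update_tuner_version()`. How `$remoteversion` is fetched is outside the hunk, so its shape cannot be assumed from here. Reject anything that is not a version number before comparing, e.g. `if ( $remoteversion !~ /\A\d+(?:\.\d+)+\z/ ) { badprint "Unexpected remote version string"; return; }`, and update only when the remote version is numerically newer than `$tunerversion`.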
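Review bot: In the `@@ -681` hunk, `eval { require Win32; } or last;` sits inside an `if` block, and `last` cannot leave an `if`. The hunk header shows the top-level statement `my $osname = $^O;`, so there is probably no enclosing loop, although the surrounding scope is outside the hunk. In that case a Windows host without the Win32 module dies with "Can't "last" outside a loop block" instead of skipping the lookup. Guard the call instead: `if ( eval { require Win32; 1 } ) { $osname = Win32::GetOSName(); }`.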
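Review bot: `exit(256);` in the `@@ -1174` hunk of `get_all_vars` does not signal failure on POSIX systems: only the low eight bits of the status reach the parent, so the process ends with status 0 right after printing that the privileges are insufficient. A monitoring job or wrapper that checks the exit status would treat the aborted run as a clean one. Use a value between 1 and 255, e.g. `exit(1);`. The function starts and continues outside the hunk.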
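Review bot: The false-positive caveat in the `@@ -1514` hunk of `cve_recommendations` is printed only for 5.5.x, while the vulnerability list updated earlier in this patch series mixes products in one version-keyed table with no product column. MySQL Server rows (`8.0.28;8;0;28;...`) sit next to MariaDB (`10.6.5;10;6;5;CVE-2022-27376`), gh-ost (`1.1.3;1;1;3;CVE-2022-21687`) and Trilogy (`2.1.1;2;1;1;CVE-2022-31026`) rows. The matching code is outside the hunk; if it compares the server version with those fields alone, the `$cvefound` count printed here can include CVEs that belong to a different product. Either filter the list by product before counting, or print the caveat for every version, e.g. `infoprint "CVE list is keyed by version only; confirm each CVE applies to your product";`.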
@@ -1990,7 +1990,7 @@ sub security_recommendations { } if ( mysql_version_le( 5, 1 ) ) { badprint "No more password checks for MySQL version <=5.1"; - badprint "MySQL version <=5.1 are deprecated and end of support."; + badprint "MySQL version <=5.1 is deprecated and end of support."; return; } @@ -2098,7 +2098,7 @@ q{SELECT CONCAT(QUOTE(user), '@', QUOTE(host)) FROM mysql.global_priv WHERE . $pass . "', 2, LENGTH('" . $pass . "'))))"; - debugprint "There is " . scalar(@mysqlstatlist) . " items."; + debugprint "There are " . scalar(@mysqlstatlist) . " items."; if (@mysqlstatlist) { foreach my $line (@mysqlstatlist) { chomp($line); @@ -2233,9 +2233,9 @@ sub validate_mysql_version { else { badprint "Your MySQL version " . $myvar{'version'} - . " is EOL software! Upgrade soon!"; + . " is EOL software. Upgrade soon!"; push( @generalrec, - "You are using n unsupported version for production environments" ); + "You are using an unsupported version for production environments" ); push( @generalrec, "Upgrade as soon as possible to a supported version !" ); @@ -2424,7 +2424,7 @@ sub check_storage_engines { # MySQL 5 servers can have table sizes calculated quickly from information schema my @templist = select_array -"SELECT ENGINE,SUM(DATA_LENGTH+INDEX_LENGTH),COUNT(ENGINE),SUM(DATA_LENGTH),SUM(INDEX_LENGTH) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema', 'performance_schema', 'mysql') AND ENGINE IS NOT NULL GROUP BY ENGINE ORDER BY ENGINE ASC;"; +"SELECT ENGINE, SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(ENGINE), SUM(DATA_LENGTH), SUM(INDEX_LENGTH) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema', 'performance_schema', 'mysql') AND ENGINE IS NOT NULL GROUP BY ENGINE ORDER BY ENGINE ASC;"; my ( $engine, $size, $count, $dsize, $isize ); foreach my $line (@templist) { 
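Review bot: In the `@@ -2098` hunk of the password checks, `$pass` is concatenated into the statement between single quotes (`. $pass . "', 2, LENGTH('" . $pass . "'))))"`) with no escaping visible. Where `$pass` comes from is outside the hunk. If it is a line of the `--passwordfile` list, an entry containing `'` or `\` changes the statement that is sent to the server, and at best the check for that candidate fails without notice. Build the literal so that it needs no quoting, e.g. `my $lit = "X'" . unpack( 'H*', $pass ) . "'";`, and interpolate `$lit` in place of `'$pass'`.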
@@ -2533,9 +2533,9 @@ sub check_storage_engines { && defined $myvar{'have_isam'} && $myvar{'have_isam'} eq "YES" ) { - badprint "MYISAM is enabled but isn't being used"; + badprint "MyISAM is enabled but isn't being used"; push( @generalrec, -"Add skip-isam to MySQL configuration to disable ISAM (MySQL > 4.1.0)" + "Add skip-isam to MySQL configuration to disable MyISAM (MySQL > 4.1.0)" ); } @@ -2607,7 +2607,6 @@ sub check_storage_engines { } } } - } my %mycalc; @@ -2794,9 +2793,9 @@ sub calculations { } elsif ( mysql_version_ge(5) ) { $mycalc{'total_myisam_indexes'} = select_one -"SELECT IFNULL(SUM(INDEX_LENGTH),0) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema') AND ENGINE = 'MyISAM';"; +"SELECT IFNULL(SUM(INDEX_LENGTH), 0) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema') AND ENGINE = 'MyISAM';"; $mycalc{'total_aria_indexes'} = select_one -"SELECT IFNULL(SUM(INDEX_LENGTH),0) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema') AND ENGINE = 'Aria';"; +"SELECT IFNULL(SUM(INDEX_LENGTH), 0) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema') AND ENGINE = 'Aria';"; } if ( defined $mycalc{'total_myisam_indexes'} ) { chomp( $mycalc{'total_myisam_indexes'} ); @@ -2877,7 +2876,6 @@ sub calculations { ) ); } - } else { $mycalc{'table_cache_hit_rate'} = 100; @@ -3221,7 +3219,7 @@ sub mysql_stats { } elsif ( $result{'Variables'}{'skip_name_resolve'} eq 'OFF' ) { badprint -"Name resolution is active: a reverse name resolution is made for each new connection and can reduce performance"; +"Name resolution is active: a reverse name resolution is made for each new connection which can reduce performance"; push( @generalrec, "Configure your accounts with ip or subnets only, then update your configuration with skip-name-resolve=1" ); 
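Review bot: The reworded recommendation in the -2533 hunk now says `skip-isam` disables MyISAM, but the visible condition tests `$myvar{'have_isam'}`, and `skip-isam` is the switch for the old ISAM engine. An operator following the new text would expect MyISAM to be turned off, which this option does not do. Keep the engine name in the recommendation, `"Add skip-isam to MySQL configuration to disable ISAM (MySQL > 4.1.0)"`, and make the warning agree with the check: `badprint "ISAM is enabled but isn't being used";`. The start of the condition is outside the hunk, so confirm it does not also test MyISAM usage.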
@@ -3490,7 +3488,7 @@ sub mysql_stats { "This is MyISAM only table_cache scalability problem, InnoDB not affected." ); push( @generalrec, - "See more details here: https://bugs.mysql.com/bug.php?id=49177" + "For more details see: https://bugs.mysql.com/bug.php?id=49177" ); push( @generalrec, "This bug already fixed in MySQL 5.7.9 and newer MySQL versions." @@ -3530,7 +3528,7 @@ sub mysql_stats { $mycalc{'total_tables'} = $nbtables; if ( defined $myvar{'table_definition_cache'} ) { if ( $myvar{'table_definition_cache'} == -1 ) { - infoprint( "table_definition_cache(" + infoprint( "table_definition_cache (" . $myvar{'table_definition_cache'} . ") is in autosizing mode" ); } @@ -3539,7 +3537,7 @@ sub mysql_stats { . $myvar{'table_definition_cache'} . ") is less than number of tables ($nbtables) "; push( @adjvars, - "table_definition_cache(" + "table_definition_cache (" . $myvar{'table_definition_cache'} . ") > " . $nbtables . " or -1 (autosizing if supported)" ); @@ -3639,7 +3637,7 @@ sub mysql_stats { sub mysql_myisam { subheaderprint "MyISAM Metrics"; if ( mysql_version_ge(8) and mysql_version_le(10) ) { - infoprint "MyISAM Metrics are disabled on last MySQL versions."; + infoprint "MyISAM Metrics are disabled since MySQL 8.0."; if ( $myvar{'key_buffer_size'} > 0 ) { push( @adjvars, "key_buffer_size=0" ); push( @generalrec, @@ -3843,13 +3841,13 @@ sub mariadb_threadpool { if ( $myvar{'thread_pool_size'} < 4 or $myvar{'thread_pool_size'} > 8 ) { badprint -"thread_pool_size between 4 and 8 when using MyIsam storage engine."; +"thread_pool_size between 4 and 8 when using MyISAM storage engine."; push( @generalrec, - "Thread pool size for MyIsam usage (" + "Thread pool size for MyISAM usage (" . $myvar{'thread_pool_size'} . ")" ); push( @adjvars, - "thread_pool_size between 4 and 8 for MyIsam usage" ); + "thread_pool_size between 4 and 8 for MyISAM usage" ); } else { goodprint 
@@ -3891,12 +3889,12 @@ sub mysqsl_pfs { } unless ( grep /^sys$/, select_array("SHOW DATABASES") ) { - infoprint "Sys schema isn't installed."; + infoprint "Sys schema is not installed."; push( @generalrec, -"Consider installing Sys schema from https://github.com/mysql/mysql-sys for MySQL" + "Consider installing Sys schema from https://github.com/mysql/mysql-sys for MySQL" ) unless ( mysql_version_le( 5, 6 ) ); push( @generalrec, -"Consider installing Sys schema from https://github.com/FromDual/mariadb-sys for MariaDB" + "Consider installing Sys schema from https://github.com/FromDual/mariadb-sys for MariaDB" ) unless ( mysql_version_ge( 10, 0 ) ); return; @@ -4703,7 +4701,7 @@ sub mysqsl_pfs { #schema_index_statistics # TOP 15 most read index - subheaderprint "Performance schema: TOP 15 most read indexes"; + subheaderprint "Performance schema: Top 15 most read indexes"; $nbL = 1; for my $lQuery ( select_array( @@ -4793,7 +4791,7 @@ sub mysqsl_pfs { if ( $nbL == 1 ); # TOP 15 most read tables - subheaderprint "Performance schema: TOP 15 most read tables"; + subheaderprint "Performance schema: Top 15 most read tables"; $nbL = 1; for my $lQuery ( select_array( @@ -4993,7 +4991,7 @@ sub mysqsl_pfs { infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - subheaderprint "Performance schema: TOP 15 reader queries (95% percentile)"; + subheaderprint "Performance schema: Top 15 reader queries (95% percentile)"; $nbL = 1; for my $lQuery ( select_array( @@ -5008,7 +5006,7 @@ sub mysqsl_pfs { if ( $nbL == 1 ); subheaderprint - "Performance schema: TOP 15 most row look queries (95% percentile)"; + "Performance schema: Top 15 most row look queries (95% percentile)"; $nbL = 1; for my $lQuery ( select_array( 
@@ -5023,7 +5021,7 @@ sub mysqsl_pfs { if ( $nbL == 1 ); subheaderprint - "Performance schema: TOP 15 total latency queries (95% percentile)"; + "Performance schema: Top 15 total latency queries (95% percentile)"; $nbL = 1; for my $lQuery ( select_array( @@ -5038,7 +5036,7 @@ sub mysqsl_pfs { if ( $nbL == 1 ); subheaderprint - "Performance schema: TOP 15 max latency queries (95% percentile)"; + "Performance schema: Top 15 max latency queries (95% percentile)"; $nbL = 1; for my $lQuery ( select_array( @@ -5053,7 +5051,7 @@ sub mysqsl_pfs { if ( $nbL == 1 ); subheaderprint - "Performance schema: TOP 15 average latency queries (95% percentile)"; + "Performance schema: Top 15 average latency queries (95% percentile)"; $nbL = 1; for my $lQuery ( select_array( @@ -5095,7 +5093,7 @@ sub mysqsl_pfs { infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - subheaderprint "Performance schema: TOP 15 row sorting queries with sort"; + subheaderprint "Performance schema: Top 15 row sorting queries with sort"; $nbL = 1; for my $lQuery ( select_array( @@ -5109,7 +5107,7 @@ sub mysqsl_pfs { infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - subheaderprint "Performance schema: TOP 15 total latency queries with sort"; + subheaderprint "Performance schema: Top 15 total latency queries with sort"; $nbL = 1; for my $lQuery ( select_array( @@ -5123,7 +5121,7 @@ sub mysqsl_pfs { infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - subheaderprint "Performance schema: TOP 15 merge queries with sort"; + subheaderprint "Performance schema: Top 15 merge queries with sort"; $nbL = 1; for my $lQuery ( select_array( @@ -5138,7 +5136,7 @@ sub mysqsl_pfs { if ( $nbL == 1 ); subheaderprint - "Performance schema: TOP 15 average sort merges queries with sort"; + "Performance schema: Top 15 average sort merges queries with sort"; $nbL = 1; for my $lQuery ( select_array( 
@@ -5152,7 +5150,7 @@ sub mysqsl_pfs { infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - subheaderprint "Performance schema: TOP 15 scans queries with sort"; + subheaderprint "Performance schema: Top 15 scans queries with sort"; $nbL = 1; for my $lQuery ( select_array( @@ -5166,7 +5164,7 @@ sub mysqsl_pfs { infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - subheaderprint "Performance schema: TOP 15 range queries with sort"; + subheaderprint "Performance schema: Top 15 range queries with sort"; $nbL = 1; for my $lQuery ( select_array( @@ -5231,7 +5229,7 @@ sub mysqsl_pfs { if ( $nbL == 1 ); subheaderprint - "Performance schema: TOP 15 total latency queries with temp table"; + "Performance schema: Top 15 total latency queries with temp table"; $nbL = 1; for my $lQuery ( select_array( @@ -5245,7 +5243,7 @@ sub mysqsl_pfs { infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - subheaderprint "Performance schema: TOP 15 queries with temp table to disk"; + subheaderprint "Performance schema: Top 15 queries with temp table to disk"; $nbL = 1; for my $lQuery ( select_array( @@ -5262,7 +5260,7 @@ sub mysqsl_pfs { ################################################################################## #wait_classes_global_by_latency -#ysql> select * from wait_classes_global_by_latency; +#mysql> select * from wait_classes_global_by_latency; #-----------------+-------+---------------+-------------+-------------+-------------+ # event_class | total | total_latency | min_latency | avg_latency | max_latency | #-----------------+-------+---------------+-------------+-------------+-------------+ 
@@ -5272,7 +5270,7 @@ sub mysqsl_pfs { #-----------------+-------+---------------+-------------+-------------+-------------+ # rows in set (0,00 sec) - subheaderprint "Performance schema: TOP 15 class events by number"; + subheaderprint "Performance schema: Top 15 class events by number"; $nbL = 1; for my $lQuery ( select_array( @@ -5286,7 +5284,7 @@ sub mysqsl_pfs { infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - subheaderprint "Performance schema: TOP 30 events by number"; + subheaderprint "Performance schema: Top 30 events by number"; $nbL = 1; for my $lQuery ( select_array( @@ -5300,7 +5298,7 @@ sub mysqsl_pfs { infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - subheaderprint "Performance schema: TOP 15 class events by total latency"; + subheaderprint "Performance schema: Top 15 class events by total latency"; $nbL = 1; for my $lQuery ( select_array( @@ -5314,7 +5312,7 @@ sub mysqsl_pfs { infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - subheaderprint "Performance schema: TOP 30 events by total latency"; + subheaderprint "Performance schema: Top 30 events by total latency"; $nbL = 1; for my $lQuery ( select_array( @@ -5328,7 +5326,7 @@ sub mysqsl_pfs { infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - subheaderprint "Performance schema: TOP 15 class events by max latency"; + subheaderprint "Performance schema: Top 15 class events by max latency"; $nbL = 1; for my $lQuery ( select_array( @@ -5342,7 +5340,7 @@ sub mysqsl_pfs { infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - subheaderprint "Performance schema: TOP 30 events by max latency"; + subheaderprint "Performance schema: Top 30 events by max latency"; $nbL = 1; for my $lQuery ( select_array( 
@@ -5592,26 +5590,26 @@ group by c.table_schema,c.table_name having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" ); - infoprint "CPU core detected : " . (cpu_cores); + infoprint "CPU cores detected : " . (cpu_cores); infoprint "wsrep_slave_threads: " . get_wsrep_option('wsrep_slave_threads'); if ( get_wsrep_option('wsrep_slave_threads') > ( (cpu_cores) * 4 ) or get_wsrep_option('wsrep_slave_threads') < ( (cpu_cores) * 2 ) ) { badprint -"wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; + "wsrep_slave_threads is not equal to 2, 3 or 4 times the number of CPU(s)"; push @adjvars, "wsrep_slave_threads = " . ( (cpu_cores) * 4 ); } else { goodprint - "wsrep_slave_threads is equal to 2, 3 or 4 times number of CPU(s)"; + "wsrep_slave_threads is equal to 2, 3 or 4 times the number of CPU(s)"; } if ( get_wsrep_option('wsrep_slave_threads') > 1 ) { infoprint "wsrep parallel slave can cause frequent inconsistency crash."; push @adjvars, -"Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; + "Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; # check options for parallel slave if ( get_wsrep_option('wsrep_slave_FK_checks') eq "OFF" ) { @@ -5654,7 +5652,7 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" } else { goodprint -"Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; + "Flow control fraction seems to be OK (wsrep_flow_control_paused <= 0.02)"; } if ( scalar(@primaryKeysNbTables) > 0 ) { 
@@ -5716,14 +5714,14 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" } else { badprint -"There are $nbNodesSize nodes in wsrep_cluster_size. Prefer 3 or 5 nodes architecture."; + "There are $nbNodesSize nodes in wsrep_cluster_size. Prefer 3 or 5 nodes architecture."; push @generalrec, "Prefer 3 or 5 nodes architecture."; } # wsrep_cluster_address doesn't include garbd nodes if ( $nbNodes > $nbNodesSize ) { badprint -"All cluster nodes are not detected. wsrep_cluster_size less then node count in wsrep_cluster_address"; + "All cluster nodes are not detected. wsrep_cluster_size less than node count in wsrep_cluster_address"; } else { goodprint "All cluster nodes detected."; @@ -5761,14 +5759,14 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" } else { badprint "Galera Notify command is not defined."; - push( @adjvars, "set up parameter wsrep_notify_cmd to be notify" ); + push( @adjvars, "set up parameter wsrep_notify_cmd to be notified" ); } if ( trim( $myvar{'wsrep_sst_method'} ) !~ "^xtrabackup.*" and trim( $myvar{'wsrep_sst_method'} ) !~ "^mariabackup" ) { badprint "Galera SST method is not xtrabackup based."; push( @adjvars, -"set up parameter wsrep_sst_method to xtrabackup based parameter" + "set up parameter wsrep_sst_method to xtrabackup based parameter" ); } else { @@ -5870,10 +5868,10 @@ sub mysql_innodb { $defengine = $myvar{'default_storage_engine'} if defined( $myvar{'default_storage_engine'} ); badprint -"InnoDB Storage engine is disabled. $defengine is the default storage engine" + "InnoDB Storage engine is disabled. $defengine is the default storage engine" if $defengine eq 'InnoDB'; infoprint -"InnoDB Storage engine is disabled. $defengine is the default storage engine" + "InnoDB Storage engine is disabled. $defengine is the default storage engine" if $defengine ne 'InnoDB'; } return; 
@@ -5953,12 +5951,12 @@ sub mysql_innodb { # InnoDB Buffer Pool Size if ( $myvar{'innodb_buffer_pool_size'} > $enginestats{'InnoDB'} ) { goodprint "InnoDB buffer pool / data size: " - . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . "/" + . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . " / " . hr_bytes( $enginestats{'InnoDB'} ) . ""; } else { badprint "InnoDB buffer pool / data size: " - . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . "/" + . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . " / " . hr_bytes( $enginestats{'InnoDB'} ) . ""; push( @adjvars, "innodb_buffer_pool_size (>= " @@ -5971,7 +5969,7 @@ sub mysql_innodb { badprint "Ratio InnoDB log file size / InnoDB Buffer pool size (" . $mycalc{'innodb_log_size_pct'} . "%): " . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " - . $myvar{'innodb_log_files_in_group'} . "/" + . $myvar{'innodb_log_files_in_group'} . " / " . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . " should be equal to 25%"; push( @@ -5985,7 +5983,7 @@ sub mysql_innodb { ); if ( mysql_version_le( 5, 6, 2 ) ) { push( @generalrec, -"For MySQL 5.6.2 and lower, Max combined innodb_log_file_size should have a ceiling of (4096MB / log files in group) - 1MB." +"For MySQL 5.6.2 and lower, total innodb_log_file_size should have a ceiling of (4096MB / log files in group) - 1MB." ); } push( @generalrec, @@ -6197,7 +6195,7 @@ sub mysql_databases { subheaderprint "Database Metrics"; unless ( mysql_version_ge( 5, 5 ) ) { infoprint -"Skip Database metrics from information schema missing in this version"; +"Skip Database metrics from information schema are missing in this version"; return; } 
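Review bot: The new message in the -6197 hunk, `"Skip Database metrics from information schema are missing in this version"`, no longer reads as a sentence; adding "are" merged the action and the reason. Something like `"Skipping Database metrics: information schema is missing in this version"` says what the branch under `unless ( mysql_version_ge( 5, 5 ) )` does. The same wording is added in mysql_tables (-6428), mysql_indexes (-6536), mysql_views (-6663), mysql_routines (-6672) and mysql_triggers (-6681). The last three still print "Skip Index metrics" under the Views, Routines and Triggers headers, which looks like a copy-paste leftover.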
@@ -6207,20 +6205,20 @@ sub mysql_databases { infoprint "There is " . scalar(@dblist) . " Database(s)."; my @totaldbinfo = split /\s/, select_one( -"SELECT SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH) , SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(TABLE_NAME),COUNT(DISTINCT(TABLE_COLLATION)),COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" +"SELECT SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH), SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(TABLE_NAME), COUNT(DISTINCT(TABLE_COLLATION)), COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('mysql', 'performance_schema', 'information_schema', 'sys');" ); infoprint "All User Databases:"; infoprint " +-- TABLE : " . select_one( -"SELECT count(*) from information_schema.TABLES WHERE TABLE_TYPE ='BASE TABLE' AND TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' )" +"SELECT count(*) from information_schema.TABLES WHERE TABLE_TYPE ='BASE TABLE' AND TABLE_SCHEMA NOT IN ('mysql', 'performance_schema', 'information_schema', 'sys')" ) . ""; infoprint " +-- VIEW : " . select_one( -"SELECT count(*) from information_schema.TABLES WHERE TABLE_TYPE ='VIEW' AND TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' )" +"SELECT count(*) from information_schema.TABLES WHERE TABLE_TYPE ='VIEW' AND TABLE_SCHEMA NOT IN ('mysql', 'performance_schema', 'information_schema', 'sys')" ) . ""; infoprint " +-- INDEX : " . select_one( -"SELECT count(distinct(concat(TABLE_NAME, TABLE_SCHEMA, INDEX_NAME))) from information_schema.STATISTICS WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' )" +"SELECT count(distinct(concat(TABLE_NAME, TABLE_SCHEMA, INDEX_NAME))) from information_schema.STATISTICS WHERE TABLE_SCHEMA NOT IN ('mysql', 'performance_schema', 'information_schema', 'sys')" ) . ""; infoprint " +-- CHARS : " 
@@ -6228,7 +6226,7 @@ sub mysql_databases { . ( join ", ", select_array( -"select distinct(CHARACTER_SET_NAME) from information_schema.columns WHERE CHARACTER_SET_NAME IS NOT NULL AND TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" +"select distinct(CHARACTER_SET_NAME) from information_schema.columns WHERE CHARACTER_SET_NAME IS NOT NULL AND TABLE_SCHEMA NOT IN ('mysql', 'performance_schema', 'information_schema', 'sys');" ) ) . ")"; infoprint " +-- COLLA : " @@ -6236,7 +6234,7 @@ sub mysql_databases { . ( join ", ", select_array( -"SELECT DISTINCT(TABLE_COLLATION) FROM information_schema.TABLES WHERE TABLE_COLLATION IS NOT NULL AND TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" +"SELECT DISTINCT(TABLE_COLLATION) FROM information_schema.TABLES WHERE TABLE_COLLATION IS NOT NULL AND TABLE_SCHEMA NOT IN ('mysql', 'performance_schema', 'information_schema', 'sys');" ) ) . ")"; infoprint " +-- ROWS : " @@ -6253,7 +6251,7 @@ sub mysql_databases { . ( join ", ", select_array( -"SELECT DISTINCT(ENGINE) FROM information_schema.TABLES WHERE ENGINE IS NOT NULL AND TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" +"SELECT DISTINCT(ENGINE) FROM information_schema.TABLES WHERE ENGINE IS NOT NULL AND TABLE_SCHEMA NOT IN ('mysql', 'performance_schema', 'information_schema', 'sys');" ) ) . ")"; 
@@ -6271,7 +6269,7 @@ sub mysql_databases { foreach (@dblist) { my @dbinfo = split /\s/, select_one( -"SELECT TABLE_SCHEMA, SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH) , SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(DISTINCT ENGINE),COUNT(TABLE_NAME),COUNT(DISTINCT(TABLE_COLLATION)),COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$_' GROUP BY TABLE_SCHEMA ORDER BY TABLE_SCHEMA" +"SELECT TABLE_SCHEMA, SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH), SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(DISTINCT ENGINE), COUNT(TABLE_NAME), COUNT(DISTINCT(TABLE_COLLATION)), COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$_' GROUP BY TABLE_SCHEMA ORDER BY TABLE_SCHEMA" ); next unless defined $dbinfo[0]; infoprint "Database: " . $dbinfo[0] . ""; @@ -6428,12 +6426,12 @@ sub mysql_tables { subheaderprint "Table Column Metrics"; unless ( mysql_version_ge( 5, 5 ) ) { infoprint -"Skip Database metrics from information schema missing in this version"; +"Skip Database metrics from information schema are missing in this version"; return; } if ( mysql_version_ge(8) and not mysql_version_eq(10) ) { infoprint -"MySQL and Percona version 8 and greater have remove PROCEDURE ANALYSE feature"; +"MySQL and Percona version 8.0 and greater have removed PROCEDURE ANALYSE feature"; $opt{colstat} = 0; infoprint "Disabling colstat parameter"; @@ -6536,7 +6534,7 @@ sub mysql_indexes { subheaderprint "Indexes Metrics"; unless ( mysql_version_ge( 5, 5 ) ) { infoprint - "Skip Index metrics from information schema missing in this version"; + "Skip Index metrics from information schema are missing in this version"; return; } 
@@ -6547,8 +6545,8 @@ sub mysql_indexes { # } my $selIdxReq = <<'ENDSQL'; SELECT - CONCAT(t.TABLE_SCHEMA, '.',t.TABLE_NAME) AS 'table', - CONCAT(s.INDEX_NAME, '(',s.COLUMN_NAME, ')') AS 'index' + CONCAT(t.TABLE_SCHEMA, '.', t.TABLE_NAME) AS 'table', + CONCAT(s.INDEX_NAME, '(', s.COLUMN_NAME, ')') AS 'index' , s.SEQ_IN_INDEX AS 'seq' , s2.max_columns AS 'maxcol' , s.CARDINALITY AS 'card' @@ -6610,7 +6608,7 @@ ENDSQL foreach my $dbname ( select_user_dbs() ) { infoprint "Database: " . $dbname . ""; $selIdxReq = <<"ENDSQL"; - SELECT concat(table_name,'.', index_name) AS idxname, + SELECT concat(table_name, '.', index_name) AS idxname, GROUP_CONCAT(column_name ORDER BY seq_in_index) AS cols, SUM(CARDINALITY) as card, INDEX_TYPE as type @@ -6639,12 +6637,12 @@ ENDSQL and $myvar{'performance_schema'} eq 'ON' ); $selIdxReq = <<'ENDSQL'; -SELECT CONCAT(object_schema,'.',object_name) AS 'table', index_name +SELECT CONCAT(object_schema, '.', object_name) AS 'table', index_name FROM performance_schema.table_io_waits_summary_by_index_usage WHERE index_name IS NOT NULL AND count_star =0 AND index_name <> 'PRIMARY' -AND object_schema NOT IN ( 'mysql', 'performance_schema', 'information_schema' ) +AND object_schema NOT IN ('mysql', 'performance_schema', 'information_schema') ORDER BY count_star, object_schema, object_name; ENDSQL @idxinfo = select_array($selIdxReq); @@ -6663,7 +6661,7 @@ sub mysql_views() { subheaderprint "Views Metrics"; unless ( mysql_version_ge( 5, 5 ) ) { infoprint - "Skip Index metrics from information schema missing in this version"; + "Skip Index metrics from information schema are missing in this version"; return; } } @@ -6672,7 +6670,7 @@ sub mysql_routines() { subheaderprint "Routines Metrics"; unless ( mysql_version_ge( 5, 5 ) ) { infoprint - "Skip Index metrics from information schema missing in this version"; + "Skip Index metrics from information schema are missing in this version"; return; } } 
@@ -6681,7 +6679,7 @@ sub mysql_triggers() { subheaderprint "Triggers Metrics"; unless ( mysql_version_ge( 5, 5 ) ) { infoprint - "Skip Index metrics from information schema missing in this version"; + "Skip Index metrics from information schema are missing in this version"; return; } } @@ -6907,7 +6905,7 @@ __END__ =head1 NAME - MySQLTuner 2.0.4 - MySQL High Performance Tuning Script + MySQLTuner2.0.5 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES @@ -6938,7 +6936,7 @@ You must provide the remote server's total memory when connecting to other serve (Recommended for servers with many tables) --json Print result as JSON string --prettyjson Print result as JSON formatted string - --skippassword Don't perform checks on user passwords(default: off) + --skippassword Don't perform checks on user passwords (default: off) --checkversion Check for updates to MySQLTuner (default: don't check) --updateversion Check for updates to MySQLTuner and update when newer version is available (default: don't check) --forcemem Amount of RAM installed in megabytes @@ -6971,12 +6969,11 @@ You must provide the remote server's total memory when connecting to other serve --nosysstat Don't Print system information --pfstat Print Performance schema --nopfstat Don't Print Performance schema - --bannedports Ports banned separated by comma(,) - --server-log Define specifi error_log to analyze - --maxportallowed Number of ports opened allowed on this hosts + --bannedports Ports banned separated by comma (,) + --server-log Define specific error_log to analyze + --maxportallowed Number of ports opened allowed on this host --buffers Print global and per-thread buffer values - =head1 PERLDOC You can find documentation for this module with the perldoc command.
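Review bot: The POD NAME line in the -6907 hunk lost the space between the name and the version: `MySQLTuner2.0.5 - MySQL High Performance Tuning Script`. The removed line had `MySQLTuner 2.0.4`, so this is most likely a slip during the bump. It should read `MySQLTuner 2.0.5 - MySQL High Performance Tuning Script`, which also keeps the line consistent for anything that reads the version from the generated usage text.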