Updates CVS and docs
parent 3412750798
commit 7fad4236ba
2 changed files with 7 additions and 6 deletions
vulnerabilities.csv (3) Normal file → Executable file
							|  | @ -1713,7 +1713,8 @@ | ||||||
| 8.0.30;8;0;30;CVE-2022-39408;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/   |   FEDORA:FEDORA-2023-d332f0b6a3   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/   |   FEDORA:FEDORA-2023-e449235964   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/   |   MISC:https://www.oracle.com/security-alerts/cpuoct2022.html   |   URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" | 8.0.30;8;0;30;CVE-2022-39408;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/   |   FEDORA:FEDORA-2023-d332f0b6a3   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/   |   FEDORA:FEDORA-2023-e449235964   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/   |   MISC:https://www.oracle.com/security-alerts/cpuoct2022.html   |   URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" | ||||||
| 8.0.30;8;0;30;CVE-2022-39410;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/   |   FEDORA:FEDORA-2023-d332f0b6a3   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/   |   FEDORA:FEDORA-2023-e449235964   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/   |   MISC:https://www.oracle.com/security-alerts/cpuoct2022.html   |   URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" | 8.0.30;8;0;30;CVE-2022-39410;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/   |   FEDORA:FEDORA-2023-d332f0b6a3   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/   |   FEDORA:FEDORA-2023-e449235964   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/   |   MISC:https://www.oracle.com/security-alerts/cpuoct2022.html   |   URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" | ||||||
| 1.3.0;1;3;0;CVE-2022-40955;Candidate;"In versions of Apache InLong prior to 1.3.0; an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database; could cause this data to be deserialized by Apache InLong; potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.";"MISC:[oss-security] 20220922 CVE-2022-40955: Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC   |   URL:http://www.openwall.com/lists/oss-security/2022/09/22/5   |   MISC:https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1   |   URL:https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1";Assigned (20220919);"None (candidate not yet proposed)";"" | 1.3.0;1;3;0;CVE-2022-40955;Candidate;"In versions of Apache InLong prior to 1.3.0; an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database; could cause this data to be deserialized by Apache InLong; potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.";"MISC:[oss-security] 20220922 CVE-2022-40955: Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC   |   URL:http://www.openwall.com/lists/oss-security/2022/09/22/5   |   MISC:https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1   |   URL:https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1";Assigned (20220919);"None (candidate not yet proposed)";"" | ||||||
| 1.3.0;1;3;0;CVE-2022-44644;Candidate;"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J; an authenticated attacker could read arbitrary local file by connecting a rogue mysql server; By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore; the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3";"MISC:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h   |   URL:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h";Assigned (20221103);"None (candidate not yet proposed)";"" | 1.3.0;1;3;0;CVE-2022-44644;Candidate;"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module; an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server; By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore; the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1";"MISC:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h   |   URL:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h";Assigned (20221103);"None (candidate not yet proposed)";"" | ||||||
|  | 1.3.1;1;3;1;CVE-2022-44644;Candidate;"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module; an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server; By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore; the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1";"MISC:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h   |   URL:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h";Assigned (20221103);"None (candidate not yet proposed)";"" | ||||||
| 3.17.0;3;17;0;CVE-2022-45136;Candidate;"** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2.";"MISC:https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31   |   URL:https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31   |   MLIST:[oss-security] 20221114 CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB   |   URL:http://www.openwall.com/lists/oss-security/2022/11/14/5";Assigned (20221110);"None (candidate not yet proposed)";"" | 3.17.0;3;17;0;CVE-2022-45136;Candidate;"** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2.";"MISC:https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31   |   URL:https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31   |   MLIST:[oss-security] 20221114 CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB   |   URL:http://www.openwall.com/lists/oss-security/2022/11/14/5";Assigned (20221110);"None (candidate not yet proposed)";"" | ||||||
| 10.3.33;10;3;33;CVE-2022-47015;Candidate;"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.";"CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0009/   |   MISC:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954   |   URL:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954";Assigned (20221212);"None (candidate not yet proposed)";"" | 10.3.33;10;3;33;CVE-2022-47015;Candidate;"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.";"CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0009/   |   MISC:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954   |   URL:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954";Assigned (20221212);"None (candidate not yet proposed)";"" | ||||||
| 10.9.2;10;9;2;CVE-2022-47015;Candidate;"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.";"CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0009/   |   MISC:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954   |   URL:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954";Assigned (20221212);"None (candidate not yet proposed)";"" | 10.9.2;10;9;2;CVE-2022-47015;Candidate;"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.";"CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0009/   |   MISC:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954   |   URL:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954";Assigned (20221212);"None (candidate not yet proposed)";"" | ||||||
|  |  | ||||||
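Review bot: the added 1.3.1 row for CVE-2022-44644 contradicts its own description, which states that versions of Apache Linkis <= 1.3.0 are affected and recommends upgrading to 1.3.1; 1.3.1 is therefore the fixed version and should not be listed as an affected version, and if the intent is to record the fix version it belongs in a dedicated column rather than a new affected-version row. Two smaller points on the same hunk: the mode change on vulnerabilities.csv from Normal file to Executable file looks unintended for a data file and should be reverted, and in the right-hand MySQL rows (CVE-2022-39408 and CVE-2022-39410) the description field appears to break after "(Availability impacts)." onto a second line; if that newline is really in the file rather than a rendering artifact, it splits a quoted field and should be removed.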
Jean-Marie RENOUARD