From 71b2f0b144cf8d53119fdf3259dc8678b4666e58 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 3 May 2021 10:10:47 +0000 Subject: [PATCH 01/19] Some new aliases --- build/bashrc | 45 ++++++++++++++++++++++++++---- build/{txt2html.pl => txt2Html.pl} | 15 +++++----- 2 files changed, 48 insertions(+), 12 deletions(-) rename build/{txt2html.pl => txt2Html.pl} (67%) diff --git a/build/bashrc b/build/bashrc index 18344a8..1cb17e3 100644 --- a/build/bashrc +++ b/build/bashrc @@ -1,12 +1,47 @@ -alias gst='git status' -alias gcm='git commit -m' -alias gmh='git log --follow -p --' -alias ll='ls -ls' +# Some Alias +alias h=history +alias s=sudo +alias rsh='ssh -l root' alias lh='ls -lsh' +alias ll='ls -ls' alias la='ls -lsa' -alias gam='git status | grep "modified" | cut -d: -f2 | xargs -n 1 git add' + +alias gst='git status' +alias grm='git rm -f' +alias gadd='git add' +alias gcm='git commit -m' +alias gps='git push' +alias gpl='git pull' +alias glg='git log' +alias gmh='git log --follow -p --' +alias gbl='git blame' +alias grs='git reset --soft HEAD~1' +alias grh='git reset --hard HEAD~1' alias serve="python -m $(python -c 'import sys; print("http.server" if sys.version_info[:2] > (2,7) else "SimpleHTTPServer")')" +gunt() { + git status | \ + grep -vE '( to publish your local commits|git add|git restore|On branch|Your branch|Untracked files|nclude in what will b|but untracked files present|no changes added to commit|modified:|deleted:|Changes not staged for commit)' |\ + sort | uniq | \ + xargs -n 1 $* +} + +gam() { + git status | \ + grep 'modified:' | \ + cut -d: -f2- | \ + sort | uniq | \ + xargs -n 1 git add +} + +gad() { + git status | \ + grep 'deleted:' | \ + cut -d: -f2- | \ + sort | uniq | \ + xargs -n 1 git rm -f +} + dcmd() { docker exec -i -t $1 bash diff --git a/build/txt2html.pl b/build/txt2Html.pl similarity index 67% rename from build/txt2html.pl rename to build/txt2Html.pl index 7b03d42..2283630 100644 --- a/build/txt2html.pl +++ b/build/txt2Html.pl @@ -14,14 +14,15 @@ my $i=1; while (my $row = <$fh>) { chomp $row; if ($row =~ /^$headerSep/) { - print "\n"; - $row =~ s/$headerSep//g; - print "

$row

\n"; - print "
";
-                $i++;
-                next;
-    }
+		print "
\n"; + $row =~ s/$headerSep//g; + print "

$row

\n"; + print "
";
+		$i++;
+		next;
+    } 
     print "$row\n" unless $row =~ /^\s*$/;
 }
 print "
\n"; close $fh; + From 85d5015a1d68e73ce7340af012662d4d7e4a002e Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 3 May 2021 10:12:00 +0000 Subject: [PATCH 02/19] some aliases --- build/bashrc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build/bashrc b/build/bashrc index 1cb17e3..7f25643 100644 --- a/build/bashrc +++ b/build/bashrc @@ -19,9 +19,10 @@ alias grs='git reset --soft HEAD~1' alias grh='git reset --hard HEAD~1' alias serve="python -m $(python -c 'import sys; print("http.server" if sys.version_info[:2] > (2,7) else "SimpleHTTPServer")')" + gunt() { git status | \ - grep -vE '( to publish your local commits|git add|git restore|On branch|Your branch|Untracked files|nclude in what will b|but untracked files present|no changes added to commit|modified:|deleted:|Changes not staged for commit)' |\ + grep -vE '(Changes to be committed:| to publish your local commits|git add|git restore|On branch|Your branch|Untracked files|nclude in what will b|but untracked files present|no changes added to commit|modified:|deleted:|Changes not staged for commit)' |\ sort | uniq | \ xargs -n 1 $* } From 5aa880afbc2c3691d5b6be2fbabbc9ed4aae3972 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 3 May 2021 12:00:02 +0000 Subject: [PATCH 03/19] Wrong recommendation "thread_pool_size between 16 and 36 for InnoDB usage" for Percona Server #551 --- mysqltuner.pl | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index cd78b0d..b218959 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.24 +# mysqltuner.pl - Version 1.7.25 # High Performance MySQL Tuning Script # Copyright (C) 2006-2021 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.24"; +my $tunerversion = "1.7.25"; my ( @adjvars, @generalrec ); # Set defaults @@ -3554,7 +3554,18 @@ sub mariadb_threadpool { infoprint "ThreadPool stat is enabled."; infoprint "Thread Pool Size: " . $myvar{'thread_pool_size'} . " thread(s)."; - if ( $myvar{'version'} =~ /mariadb|percona/i ) { + if ( $myvar{'version'} =~ /percona/i ) { + my $np=cpu_cores; + if ($myvar{'thread_pool_size'} >= $np and $myvar{'thread_pool_size'}< ($np *1.5)) { + goodprint "thread_pool_size for Percona betwwen 1 and 1.5 times nimber of CPUs (".$np. " and ".($np *1.5).")"; + } else { + badprint "thread_pool_size for Percona betwwen 1 and 1.5 times nimber of CPUs (".$np. " and ".($np *1.5).")"; + push( @adjvars, "thread_pool_size between ".$np . " and ".($np *1.5)." for InnoDB usage" ); + } + return; + } + + if ( $myvar{'version'} =~ /mariadb/i ) { infoprint "Using default value is good enough for your version (" . $myvar{'version'} . ")"; return; @@ -6487,7 +6498,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.24 - MySQL High Performance Tuning Script + MySQLTuner 1.7.25 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From c9345a1380125a9677c72ce9fdd606eb6537f30e Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Fri, 2 Jul 2021 16:22:51 +0200 Subject: [PATCH 04/19] 1.7.26 is fixing minor glitch with DROP USER #555 --- mysqltuner.pl | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index b218959..47001ed 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.25 +# mysqltuner.pl - Version 1.7.26 # High Performance MySQL Tuning Script # Copyright (C) 2006-2021 Major Hayden - major@mhtx.net # @@ -30,7 +30,7 @@ # Everett Barnes Tom Krouper Gary Barrueto # Simon Greenaway Adam Stein Isart Montane # Baptiste M. Cole Turner Major Hayden -# Joe Ashcraft JeSan-Marie Renouard Christian Loos +# Joe Ashcraft Jean-Marie Renouard Christian Loos # Julien Francoz Daniel Black # # Inspired by Matthew Montgomery's tuning-primer.sh script: @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.25"; +my $tunerversion = "1.7.26"; my ( @adjvars, @generalrec ); # Set defaults @@ -1913,10 +1913,10 @@ q{SELECT CONCAT(QUOTE(user), '@', QUOTE(host)) FROM mysql.global_priv WHERE foreach my $line ( sort @mysqlstatlist ) { chomp($line); my $luser = ( split /@/, $line )[0]; - badprint "User '" . $line - . "' does not specify hostname restrictions."; + badprint "User " . $line + . " does not specify hostname restrictions."; push( @generalrec, -"Restrict Host for $luser\@% to $luser\@LimitedIPRangeOrLocalhost" +"Restrict Host for $luser\@'%' to $luser\@LimitedIPRangeOrLocalhost" ); push( @generalrec, "RENAME USER $luser\@'%' TO " @@ -6498,7 +6498,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.25 - MySQL High Performance Tuning Script + MySQLTuner 1.7.26 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From 47cf0669fc83cabfff3499ba7e7cb18bdce80c1c Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Fri, 2 Jul 2021 16:41:36 +0200 Subject: [PATCH 05/19] failed to execute: SHOW SLAVE HOSTS #553 --- mysqltuner.pl | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 47001ed..668c36e 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.26 +# mysqltuner.pl - Version 1.7.27 # High Performance MySQL Tuning Script # Copyright (C) 2006-2021 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.26"; +my $tunerversion = "1.7.27"; my ( @adjvars, @generalrec ); # Set defaults @@ -1167,10 +1167,23 @@ sub get_all_vars { } } debugprint Dumper(@mysqlenginelist); - my @mysqlslave = select_array("SHOW SLAVE STATUS\\G"); + + my @mysqlslave; + if ($mysqlvermajor eq 8 or ($mysqlvermajor eq 10 and $mysqlverminor ge 5)) { + @mysqlslave = select_array("SHOW SLAVE STATUS\\G"); + } else { + @mysqlslave = select_array("SHOW REPLICA STATUS\\G"); + } arr2hash( \%myrepl, \@mysqlslave, ':' ); $result{'Replication'}{'Status'} = \%myrepl; - my @mysqlslaves = select_array "SHOW SLAVE HOSTS"; + + my @mysqlslaves; + if ( $mysqlvermajor eq 8 or ($mysqlvermajor eq 10 and $mysqlverminor ge 5) ) { + @mysqlslaves= select_array "SHOW SLAVE HOSTS"; + } else { + @mysqlslaves = select_array("SHOW SLAVE STATUS\\G"); + } + my @lineitems = (); foreach my $line (@mysqlslaves) { debugprint "L: $line "; @@ -6498,7 +6511,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.26 - MySQL High Performance Tuning Script + MySQLTuner 1.7.27 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From 52d3fc4d7c46c081453ddba8e54b27fe57a2796e Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Fri, 2 Jul 2021 16:44:11 +0200 Subject: [PATCH 06/19] failed to execute: SHOW SLAVE HOSTS #553 --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 9f0320a..c0fd6d0 100644 --- a/README.md +++ b/README.md @@ -238,6 +238,11 @@ To get information about stored credentials, use the following command: mysql>GRANT SELECT, PROCESS,EXECUTE, REPLICATION CLIENT,SHOW DATABASES,SHOW VIEW ON *.* TO 'mysqltuner'@'localhost' identified by pwd1234; +**Question: What's minimum privileges needed by a specific mysqltuner user in database for MySQL 8 or MariaDB 10.5 ?** + + mysql>GRANT SELECT, PROCESS,EXECUTE, REPLICA MONITOR,SHOW DATABASES,SHOW VIEW ON *.* TO 'mysqltuner'@'localhost' identified by pwd1234; + + **Question: It's not working on my OS! What gives?!** These kinds of things are bound to happen. Here are the details I need from you in order to research the problem thoroughly: From 213211aeccb447ef7d62eb5c03759df3d232e92f Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Fri, 2 Jul 2021 16:55:43 +0200 Subject: [PATCH 07/19] improve FreeBSD support a bit (patch included) #549 --- mysqltuner.pl | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 668c36e..6328aa5 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.27 +# mysqltuner.pl - Version 1.7.28 # High Performance MySQL Tuning Script # Copyright (C) 2006-2021 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.27"; +my $tunerversion = "1.7.28"; my ( @adjvars, @generalrec ); # Set defaults @@ -300,9 +300,18 @@ sub infoprinthcmd { # Calculates the number of physical cores considering HyperThreading sub cpu_cores { - my $cntCPU = -`awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; - return ( $cntCPU == 0 ? `nproc` : $cntCPU ); + if ($^O eq 'linux') { + my $cntCPU = + `awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; + return ( $cntCPU == 0 ? `nproc` : $cntCPU ); + } + + if ($^O eq 'freebsd') { + my $cntCPU = `sysctl -n kern.smp.cores`; + chomp $cntCPU; + return $cntCPU + 0; + } + return 0; } # Calculates the parameter passed in bytes, then rounds it to one decimal place @@ -1169,7 +1178,7 @@ sub get_all_vars { debugprint Dumper(@mysqlenginelist); my @mysqlslave; - if ($mysqlvermajor eq 8 or ($mysqlvermajor eq 10 and $mysqlverminor ge 5)) { + if ( mysql_version_eq( 8 ) or mysql_version_ge( 10, 5 ) ) { @mysqlslave = select_array("SHOW SLAVE STATUS\\G"); } else { @mysqlslave = select_array("SHOW REPLICA STATUS\\G"); @@ -1178,7 +1187,7 @@ sub get_all_vars { $result{'Replication'}{'Status'} = \%myrepl; my @mysqlslaves; - if ( $mysqlvermajor eq 8 or ($mysqlvermajor eq 10 and $mysqlverminor ge 5) ) { + if ( mysql_version_eq( 8 ) or mysql_version_ge( 10, 5 ) ) { @mysqlslaves= select_array "SHOW SLAVE HOSTS"; } else { @mysqlslaves = select_array("SHOW SLAVE STATUS\\G"); @@ -1578,9 +1587,19 @@ sub merge_hash { } sub is_virtual_machine { - my $isVm = `grep -Ec '^flags.*\ hypervisor\ ' /proc/cpuinfo`; - return ( $isVm == 0 ? 0 : 1 ); -} + if ($^O eq 'linux') { + my $isVm = `grep -Ec '^flags.*\ hypervisor\ ' /proc/cpuinfo`; + return ( $isVm == 0 ? 0 : 1 ); + } + + if ($^O eq 'freebsd') { + my $isVm = `sysctl -n kern.vm_guest`; + chomp $isVm; + print "FARK DEBUG isVm=[$isVm]"; + return ( $isVm eq 'none' ? 0 : 1); + } + return 0; + } sub infocmd { my $cmd = "@_"; @@ -6511,7 +6530,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.27 - MySQL High Performance Tuning Script + MySQLTuner 1.7.28 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From 2079639e6bea9fa7f1aa44d7847363e29ae581a9 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Fri, 2 Jul 2021 18:17:25 +0200 Subject: [PATCH 08/19] Wrong table cache hit rate calculation #548 --- mysqltuner.pl | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 6328aa5..cf31425 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -2739,7 +2739,9 @@ sub calculations { # Table cache if ( $mystat{'Opened_tables'} > 0 ) { $mycalc{'table_cache_hit_rate'} = - int( $mystat{'Open_tables'} * 100 / $mystat{'Opened_tables'} ); + #int( $mystat{'Open_tables'} * 100 / $mystat{'Opened_tables'} ); + int( $mystat{'Table_open_cache_hits'} * 100 / ( $mystat{'Table_open_cache_hits'} + $mystat{'Table_open_cache_misses'} ) ); + } else { $mycalc{'table_cache_hit_rate'} = 100; @@ -3290,10 +3292,10 @@ sub mysql_stats { if ( $mystat{'Open_tables'} > 0 ) { if ( $mycalc{'table_cache_hit_rate'} < 20 ) { badprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" - . hr_num( $mystat{'Open_tables'} ) - . " open / " - . hr_num( $mystat{'Opened_tables'} ) - . " opened)"; + . hr_num( $mystat{'Table_open_cache_hits'} ) + . " hits / " + . hr_num( $mystat{'Table_open_cache_hits'} + $mystat{'Table_open_cache_misses'} ) + . " requests)"; if ( mysql_version_ge( 5, 1 ) ) { $table_cache_var = "table_open_cache"; } @@ -3335,10 +3337,10 @@ sub mysql_stats { } else { goodprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" - . hr_num( $mystat{'Open_tables'} ) - . " open / " - . hr_num( $mystat{'Opened_tables'} ) - . " opened)"; + . hr_num( $mystat{'Table_open_cache_hits'} ) + . " hits / " + . hr_num( $mystat{'Table_open_cache_hits'} + $mystat{'Table_open_cache_misses'} ) + . " requests)"; } } From 8f479b06f69b7a751d8f00bda22d9c671aed1ab1 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Fri, 2 Jul 2021 18:17:57 +0200 Subject: [PATCH 09/19] Increment version --- mysqltuner.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index cf31425..cb523f2 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.28 +# mysqltuner.pl - Version 1.7.29 # High Performance MySQL Tuning Script # Copyright (C) 2006-2021 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.28"; +my $tunerversion = "1.7.29"; my ( @adjvars, @generalrec ); # Set defaults @@ -6532,7 +6532,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.28 - MySQL High Performance Tuning Script + MySQLTuner 1.7.29 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From 656a7e51ed0c758131bca6ce6d73cb4201dce143 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Fri, 2 Jul 2021 18:31:21 +0200 Subject: [PATCH 10/19] Update Vulnerabilities list Indenting mysqltuner Update Usage information --- USAGE.md | 6 +- mysqltuner.pl | 131 +++++++----- vulnerabilities.csv | 512 +++++++++++++++++++++++++------------------- 3 files changed, 376 insertions(+), 273 deletions(-) diff --git a/USAGE.md b/USAGE.md index c279349..9ecfa92 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,6 +1,6 @@ # NAME - MySQLTuner 1.7.21 - MySQL High Performance Tuning Script + MySQLTuner 1.7.29 - MySQL High Performance Tuning Script # IMPORTANT USAGE GUIDELINES @@ -47,6 +47,8 @@ You must provide the remote server's total memory when connecting to other serve --nodbstat Don't Print database information --tbstat Print table information --notbstat Don't Print table information + --colstat Print column information + --nocolstat Don't Print column information --idxstat Print index information --noidxstat Don't Print index information --sysstat Print system information @@ -133,7 +135,7 @@ Maintained by Major Hayden (major\\@mhtx.net) - Licensed under GPL # COPYRIGHT AND LICENSE -Copyright (C) 2006-2020 Major Hayden - major@mhtx.net +Copyright (C) 2006-2021 Major Hayden - major@mhtx.net For the latest updates, please visit http://mysqltuner.pl/ diff --git a/mysqltuner.pl b/mysqltuner.pl index cb523f2..09fa6d3 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -133,7 +133,7 @@ GetOptions( 'color', 'noprocess', 'dbstat', 'nodbstat', 'tbstat', 'notbstat', - 'colstat', 'nocolstat', + 'colstat', 'nocolstat', 'sysstat', 'nosysstat', 'pfstat', 'nopfstat', 'idxstat', 'noidxstat', @@ -199,7 +199,7 @@ if ( $opt{verbose} ) { } $opt{nocolor} = 1 if defined( $opt{outputfile} ); $opt{tbstat} = 0 if ( $opt{notbstat} == 1 ); # Don't Print table information -$opt{colstat} = 0 if ( $opt{nocolstat} == 1 ); # Don't Print column information +$opt{colstat} = 0 if ( $opt{nocolstat} == 1 ); # Don't Print column information $opt{dbstat} = 0 if ( $opt{nodbstat} == 1 ); # Don't Print database information $opt{noprocess} = 0 if ( $opt{noprocess} == 1 ); # Don't Print process information @@ -300,16 +300,16 @@ sub infoprinthcmd { # Calculates the number of physical cores considering HyperThreading sub cpu_cores { - if ($^O eq 'linux') { - my $cntCPU = - `awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; - return ( $cntCPU == 0 ? `nproc` : $cntCPU ); - } + if ( $^O eq 'linux' ) { + my $cntCPU = +`awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; + return ( $cntCPU == 0 ? `nproc` : $cntCPU ); + } - if ($^O eq 'freebsd') { - my $cntCPU = `sysctl -n kern.smp.cores`; - chomp $cntCPU; - return $cntCPU + 0; + if ( $^O eq 'freebsd' ) { + my $cntCPU = `sysctl -n kern.smp.cores`; + chomp $cntCPU; + return $cntCPU + 0; } return 0; } @@ -1178,22 +1178,24 @@ sub get_all_vars { debugprint Dumper(@mysqlenginelist); my @mysqlslave; - if ( mysql_version_eq( 8 ) or mysql_version_ge( 10, 5 ) ) { - @mysqlslave = select_array("SHOW SLAVE STATUS\\G"); - } else { - @mysqlslave = select_array("SHOW REPLICA STATUS\\G"); + if ( mysql_version_eq(8) or mysql_version_ge( 10, 5 ) ) { + @mysqlslave = select_array("SHOW SLAVE STATUS\\G"); + } + else { + @mysqlslave = select_array("SHOW REPLICA STATUS\\G"); } arr2hash( \%myrepl, \@mysqlslave, ':' ); $result{'Replication'}{'Status'} = \%myrepl; my @mysqlslaves; - if ( mysql_version_eq( 8 ) or mysql_version_ge( 10, 5 ) ) { - @mysqlslaves= select_array "SHOW SLAVE HOSTS"; - } else { - @mysqlslaves = select_array("SHOW SLAVE STATUS\\G"); + if ( mysql_version_eq(8) or mysql_version_ge( 10, 5 ) ) { + @mysqlslaves = select_array "SHOW SLAVE HOSTS"; + } + else { + @mysqlslaves = select_array("SHOW SLAVE STATUS\\G"); } - my @lineitems = (); + my @lineitems = (); foreach my $line (@mysqlslaves) { debugprint "L: $line "; @lineitems = split /\s+/, $line; @@ -1587,19 +1589,19 @@ sub merge_hash { } sub is_virtual_machine { - if ($^O eq 'linux') { - my $isVm = `grep -Ec '^flags.*\ hypervisor\ ' /proc/cpuinfo`; - return ( $isVm == 0 ? 0 : 1 ); + if ( $^O eq 'linux' ) { + my $isVm = `grep -Ec '^flags.*\ hypervisor\ ' /proc/cpuinfo`; + return ( $isVm == 0 ? 0 : 1 ); } - if ($^O eq 'freebsd') { - my $isVm = `sysctl -n kern.vm_guest`; - chomp $isVm; - print "FARK DEBUG isVm=[$isVm]"; - return ( $isVm eq 'none' ? 0 : 1); - } - return 0; - } + if ( $^O eq 'freebsd' ) { + my $isVm = `sysctl -n kern.vm_guest`; + chomp $isVm; + print "FARK DEBUG isVm=[$isVm]"; + return ( $isVm eq 'none' ? 0 : 1 ); + } + return 0; +} sub infocmd { my $cmd = "@_"; @@ -2739,8 +2741,14 @@ sub calculations { # Table cache if ( $mystat{'Opened_tables'} > 0 ) { $mycalc{'table_cache_hit_rate'} = + #int( $mystat{'Open_tables'} * 100 / $mystat{'Opened_tables'} ); - int( $mystat{'Table_open_cache_hits'} * 100 / ( $mystat{'Table_open_cache_hits'} + $mystat{'Table_open_cache_misses'} ) ); + int( + $mystat{'Table_open_cache_hits'} * 100 / ( + $mystat{'Table_open_cache_hits'} + + $mystat{'Table_open_cache_misses'} + ) + ); } else { @@ -3292,9 +3300,10 @@ sub mysql_stats { if ( $mystat{'Open_tables'} > 0 ) { if ( $mycalc{'table_cache_hit_rate'} < 20 ) { badprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" - . hr_num( $mystat{'Table_open_cache_hits'} ) + . hr_num( $mystat{'Table_open_cache_hits'} ) . " hits / " - . hr_num( $mystat{'Table_open_cache_hits'} + $mystat{'Table_open_cache_misses'} ) + . hr_num( $mystat{'Table_open_cache_hits'} + + $mystat{'Table_open_cache_misses'} ) . " requests)"; if ( mysql_version_ge( 5, 1 ) ) { $table_cache_var = "table_open_cache"; @@ -3337,9 +3346,10 @@ sub mysql_stats { } else { goodprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" - . hr_num( $mystat{'Table_open_cache_hits'} ) + . hr_num( $mystat{'Table_open_cache_hits'} ) . " hits / " - . hr_num( $mystat{'Table_open_cache_hits'} + $mystat{'Table_open_cache_misses'} ) + . hr_num( $mystat{'Table_open_cache_hits'} + + $mystat{'Table_open_cache_misses'} ) . " requests)"; } } @@ -3589,16 +3599,29 @@ sub mariadb_threadpool { infoprint "Thread Pool Size: " . $myvar{'thread_pool_size'} . " thread(s)."; if ( $myvar{'version'} =~ /percona/i ) { - my $np=cpu_cores; - if ($myvar{'thread_pool_size'} >= $np and $myvar{'thread_pool_size'}< ($np *1.5)) { - goodprint "thread_pool_size for Percona betwwen 1 and 1.5 times nimber of CPUs (".$np. " and ".($np *1.5).")"; - } else { - badprint "thread_pool_size for Percona betwwen 1 and 1.5 times nimber of CPUs (".$np. " and ".($np *1.5).")"; - push( @adjvars, "thread_pool_size between ".$np . " and ".($np *1.5)." for InnoDB usage" ); - } + my $np = cpu_cores; + if ( $myvar{'thread_pool_size'} >= $np + and $myvar{'thread_pool_size'} < ( $np * 1.5 ) ) + { + goodprint +"thread_pool_size for Percona betwwen 1 and 1.5 times nimber of CPUs (" + . $np . " and " + . ( $np * 1.5 ) . ")"; + } + else { + badprint +"thread_pool_size for Percona betwwen 1 and 1.5 times nimber of CPUs (" + . $np . " and " + . ( $np * 1.5 ) . ")"; + push( @adjvars, + "thread_pool_size between " + . $np . " and " + . ( $np * 1.5 ) + . " for InnoDB usage" ); + } return; } - + if ( $myvar{'version'} =~ /mariadb/i ) { infoprint "Using default value is good enough for your version (" . $myvar{'version'} . ")"; @@ -5418,15 +5441,19 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" if ( get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) { - badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads (=".($myvar{'wsrep_slave_threads'} * 5). ")"; - push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5 (=".($myvar{'wsrep_slave_threads'} * 5). ")"; + badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads (=" + . ( $myvar{'wsrep_slave_threads'} * 5 ) . ")"; + push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5 (=" + . ( $myvar{'wsrep_slave_threads'} * 5 ) . ")"; } else { - goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads ( =".get_wsrep_option('gcs.fc_limit') .")"; + goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads ( =" + . get_wsrep_option('gcs.fc_limit') . ")"; } if ( get_wsrep_option('gcs.fc_factor') != 0.8 ) { - badprint "gcs.fc_factor should be equal to 0.8 (=".get_wsrep_option('gcs.fc_factor').")"; + badprint "gcs.fc_factor should be equal to 0.8 (=" + . get_wsrep_option('gcs.fc_factor') . ")"; push @adjvars, "gcs.fc_factor=0.8"; } else { @@ -6176,10 +6203,12 @@ sub mysql_tables { uc($ctype) . ( $isnull eq 'NO' ? " NOT NULL" : "" ); my $optimal_type = ''; - if ($opt{colstat} == 1) { - $optimal_type = select_str_g( "Optimal_fieldtype", + if ( $opt{colstat} == 1 ) { + $optimal_type = select_str_g( "Optimal_fieldtype", "SELECT \\`$_\\` FROM \\`$dbname\\`.\\`$tbname\\` PROCEDURE ANALYSE(100000)" - ) unless ( mysql_version_ge(8) and not mysql_version_eq(10) ); + ) + unless ( mysql_version_ge(8) + and not mysql_version_eq(10) ); } if ( $optimal_type eq '' ) { infoprint " Current Fieldtype: $current_type"; diff --git a/vulnerabilities.csv b/vulnerabilities.csv index b8eded3..1596eae 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -940,9 +940,9 @@ 0.37.12;0;37;12;CVE-2018-6617;Candidate;"Easy Hosting Control Panel (EHCP) v0.37.12.b; when using a local MySQL server; allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.";"MISC:http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt | MISC:http://packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html";Assigned (20180204);"None (candidate not yet proposed)";"" 18.3.4;18;3;4;CVE-2019-1010259;Candidate;"SaltStack Salt 2018.3; 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.";"MISC:https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a | MISC:https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534 | MISC:https://github.com/saltstack/salt/pull/51462";Assigned (20190320);"None (candidate not yet proposed)";"" 9.0.1;9;0;1;CVE-2019-11200;Candidate;"Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However; the application performs insufficient checks on the export parameters to mysqldump; which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)";"MISC:https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities";Assigned (20190411);"None (candidate not yet proposed)";"" -2.9.8;2;9;8;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" -8.0.13;8;0;13;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" -8.4.0;8;4;0;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" +2.9.8;2;9;8;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" +8.0.13;8;0;13;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" +8.4.0;8;4;0;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" 5.6.44;5;6;44;CVE-2019-12301;Candidate;"The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.";"MISC:https://jira.percona.com/browse/PS-5640 | MISC:https://www.percona.com/blog/2019/05/17/percona-server-for-mysql-5-6-44-85-0-is-now-available/";Assigned (20190523);"None (candidate not yet proposed)";"" 5.4.0;5;4;0;CVE-2019-15635;Candidate;"An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g.; MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the ""Save and test"" button within a data source's settings menu. When watching the transaction with Burp Proxy; the password for the data source is revealed and sent to the server. From a browser; a prompt to save the credentials is generated; and the password can be revealed by simply checking the ""Show password"" box.";"CONFIRM:https://security.netapp.com/advisory/ntap-20191009-0002/ | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/167244";Assigned (20190826);"None (candidate not yet proposed)";"" 65.0.0;65;0;0;CVE-2019-16065;Candidate;"A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server; expose database tables and values; and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.";"MISC:https://www.mogozobo.com/?p=3647";Assigned (20190906);"None (candidate not yet proposed)";"" @@ -1135,8 +1135,8 @@ 5.7.27;5;7;27;CVE-2019-2923;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.45;5;6;45;CVE-2019-2924;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2924;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" -5.7.27;5;7;27;CVE-2019-2938;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" -8.0.17;8;0;17;CVE-2019-2938;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" +5.7.27;5;7;27;CVE-2019-2938;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" +8.0.17;8;0;17;CVE-2019-2938;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2946;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2946;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2948;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" @@ -1152,9 +1152,9 @@ 5.6.44;5;6;44;CVE-2019-2969;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2969;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2969;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" -5.6.45;5;6;45;CVE-2019-2974;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior; 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" -5.7.27;5;7;27;CVE-2019-2974;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior; 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" -8.0.17;8;0;17;CVE-2019-2974;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior; 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" +5.6.45;5;6;45;CVE-2019-2974;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior; 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" +5.7.27;5;7;27;CVE-2019-2974;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior; 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" +8.0.17;8;0;17;CVE-2019-2974;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior; 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2982;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2993;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2993;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" @@ -1168,180 +1168,180 @@ 3.1.7;3;1;7;CVE-2020-13249;Candidate;"libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL; this issue does not affect any MySQL components supported by Oracle.";"FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | MISC:https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 | MISC:https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8 | SUSE:openSUSE-SU-2020:0738 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20200520);"None (candidate not yet proposed)";"" 3.1.6;3;1;6;CVE-2020-13249;Candidate;"libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL; this issue does not affect any MySQL components supported by Oracle.";"FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | MISC:https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 | MISC:https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8 | SUSE:openSUSE-SU-2020:0738 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20200520);"None (candidate not yet proposed)";"" 4.17.6;4;17;6;CVE-2020-14027;Candidate;"An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments; such as ENABLE_LOCAL_INFILE; that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks.";"MISC:http://www.ozeki.hu/index.php?owpn=231 | MISC:https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14027-MySQL%20LOAD%20DATA%20LOCAL%20INFILE%20Attack-Ozeki%20SMS%20Gateway";Assigned (20200611);"None (candidate not yet proposed)";"" -5.6.48;5;6;48;CVE-2020-14539;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.30;5;7;30;CVE-2020-14539;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14539;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.30;5;7;30;CVE-2020-14540;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14540;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.30;5;7;30;CVE-2020-14547;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14547;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.30;5;7;30;CVE-2020-14553;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14553;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -5.6.48;5;6;48;CVE-2020-14559;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.30;5;7;30;CVE-2020-14559;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14559;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.29;5;7;29;CVE-2020-14567;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-14567;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14568;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14575;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.30;5;7;30;CVE-2020-14576;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14576;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14586;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14591;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14597;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14614;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14619;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14620;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14623;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14624;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14631;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14632;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14633;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14634;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14641;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14643;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14651;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14654;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14656;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14663;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -5.6.49;5;6;49;CVE-2020-14672;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14672;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14672;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14678;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14680;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14697;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14702;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14725;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200731-0006/ | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14760;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.6.49;5;6;49;CVE-2020-14765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.6.49;5;6;49;CVE-2020-14769;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14769;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14769;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14771;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14771;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14773;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14775;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14775;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14776;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14776;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14777;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14785;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14786;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14789;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14789;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14790;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14790;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14791;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.6.49;5;6;49;CVE-2020-14793;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14793;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14793;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14794;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2020-14799;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14800;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14804;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14809;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.6.49;5;6;49;CVE-2020-14812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14814;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14821;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14827;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14827;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14828;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14829;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14830;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14836;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14837;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14838;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14839;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14844;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14845;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14846;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14848;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14852;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14860;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14861;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14866;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.6.49;5;6;49;CVE-2020-14867;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14867;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14867;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14868;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -5.7.31;5;7;31;CVE-2020-14869;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14869;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14870;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14873;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14878;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.0 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14888;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14891;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2020-14893;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.6.48;5;6;48;CVE-2020-14539;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.30;5;7;30;CVE-2020-14539;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14539;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.30;5;7;30;CVE-2020-14540;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14540;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.30;5;7;30;CVE-2020-14547;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14547;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.30;5;7;30;CVE-2020-14553;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14553;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +5.6.48;5;6;48;CVE-2020-14559;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.30;5;7;30;CVE-2020-14559;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14559;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.29;5;7;29;CVE-2020-14567;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-14567;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14568;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14575;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.30;5;7;30;CVE-2020-14576;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14576;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14586;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14591;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14597;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14614;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14619;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14620;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14623;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14624;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14631;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14632;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14633;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14634;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14641;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14643;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14651;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14654;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14656;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14663;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +5.6.49;5;6;49;CVE-2020-14672;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14672;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14672;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14678;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14680;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14697;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14702;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14725;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200731-0006/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14760;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.6.49;5;6;49;CVE-2020-14765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.6.49;5;6;49;CVE-2020-14769;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14769;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14769;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14771;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14771;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14773;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14775;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14775;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14776;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14776;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14777;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14785;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14786;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14789;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14789;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14790;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14790;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14791;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.6.49;5;6;49;CVE-2020-14793;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14793;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14793;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14794;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2020-14799;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14800;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14804;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14809;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.6.49;5;6;49;CVE-2020-14812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14814;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14821;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14827;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14827;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14828;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14829;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14830;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14836;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14837;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14838;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14839;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14844;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14845;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14846;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14848;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14852;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14860;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14861;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14866;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.6.49;5;6;49;CVE-2020-14867;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14867;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14867;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14868;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +5.7.31;5;7;31;CVE-2020-14869;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14869;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14870;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14873;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14878;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.0 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14888;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14891;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2020-14893;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 4.30.-1;4;30;-1;CVE-2020-15051;Candidate;"An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name; Your Email Address; Group Name; MYSQL Server; Database; MYSQL Username; Group Name; and Task Description fields.";"MISC:http://artica-proxy.com/telechargements/ | MISC:https://github.com/pratikshad19/CVE-2020-15051";Assigned (20200625);"None (candidate not yet proposed)";"" -5.7.28;5;7;28;CVE-2020-2572;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2572;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.28;5;7;28;CVE-2020-2577;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2577;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.6.46;5;6;46;CVE-2020-2579;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.28;5;7;28;CVE-2020-2579;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2579;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.17;8;0;17;CVE-2020-2580;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.28;5;7;28;CVE-2020-2584;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2584;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2588;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.28;5;7;28;CVE-2020-2589;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.17;8;0;17;CVE-2020-2589;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2627;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.28;5;7;28;CVE-2020-2572;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2572;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.28;5;7;28;CVE-2020-2577;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2577;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.6.46;5;6;46;CVE-2020-2579;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.28;5;7;28;CVE-2020-2579;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2579;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.17;8;0;17;CVE-2020-2580;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.28;5;7;28;CVE-2020-2584;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2584;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2588;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.28;5;7;28;CVE-2020-2589;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.17;8;0;17;CVE-2020-2589;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2627;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 1.58.1;1;58;1;CVE-2020-26277;Candidate;"DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2; users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario; an attacker could induce dbdeployer to write into a system file; thus altering the computer defenses. For the attack to succeed; the following factors need to contribute: 1) The user is logged in as root. While dbdeployer is usable as root; it was designed to run as unprivileged user. 2) The user has taken a tarball from a non secure source; without testing the checksum. When the tarball is retrieved through dbdeployer; the checksum is compared before attempting to unpack. This has been fixed in version 1.58.2.";"CONFIRM:https://github.com/datacharmer/dbdeployer/security/advisories/GHSA-47wr-426j-fr82 | URL:https://github.com/datacharmer/dbdeployer/security/advisories/GHSA-47wr-426j-fr82 | MISC:https://github.com/datacharmer/dbdeployer/commit/548e256c1de2f99746e861454e7714ec6bc9bb10 | URL:https://github.com/datacharmer/dbdeployer/commit/548e256c1de2f99746e861454e7714ec6bc9bb10";Assigned (20201001);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-26542;Candidate;"An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory; Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password; leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account.";"CONFIRM:https://www.percona.com/blog/2020/10/13/percona-distribution-for-mysql-pxc-variant-8-0-20-fixes-for-security-vulnerability-release-roundup-october-13-2020/ | CONFIRM:https://www.percona.com/doc/percona-distribution-mysql/8.0/release-notes-pxc-v8.0.20.upd2.html | MISC:https://jira.percona.com/browse/PS-7358 | MISC:https://jira.percona.com/browse/PSMDB-726";Assigned (20201002);"None (candidate not yet proposed)";"" -5.7.28;5;7;28;CVE-2020-2660;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2660;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2679;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2686;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2694;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2759;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.29;5;7;29;CVE-2020-2760;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2760;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2761;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2762;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.6.47;5;6;47;CVE-2020-2763;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.29;5;7;29;CVE-2020-2763;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2763;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.29;5;7;29;CVE-2020-2765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2770;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2774;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2779;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" -5.6.47;5;6;47;CVE-2020-2780;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.29;5;7;29;CVE-2020-2780;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2780;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.28;5;7;28;CVE-2020-2790;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" -5.6.47;5;6;47;CVE-2020-2804;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.29;5;7;29;CVE-2020-2804;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2804;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.28;5;7;28;CVE-2020-2806;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.28 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" -5.6.47;5;6;47;CVE-2020-2812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.29;5;7;29;CVE-2020-2812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -5.6.47;5;6;47;CVE-2020-2814;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20191210);"None (candidate not yet proposed)";"" -5.7.28;5;7;28;CVE-2020-2814;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2814;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.18;8;0;18;CVE-2020-2853;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2892;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2893;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2895;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2896;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2897;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2898;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2901;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2903;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2904;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2921;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2923;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2924;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2925;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2926;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2928;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2020-2930;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.28;5;7;28;CVE-2020-2660;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2660;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2679;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2686;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2694;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2759;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.29;5;7;29;CVE-2020-2760;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2760;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2761;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2762;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.6.47;5;6;47;CVE-2020-2763;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.29;5;7;29;CVE-2020-2763;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2763;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.29;5;7;29;CVE-2020-2765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2770;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2774;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2779;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" +5.6.47;5;6;47;CVE-2020-2780;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.29;5;7;29;CVE-2020-2780;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2780;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.28;5;7;28;CVE-2020-2790;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" +5.6.47;5;6;47;CVE-2020-2804;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.29;5;7;29;CVE-2020-2804;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2804;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.28;5;7;28;CVE-2020-2806;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.28 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" +5.6.47;5;6;47;CVE-2020-2812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.29;5;7;29;CVE-2020-2812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +5.6.47;5;6;47;CVE-2020-2814;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20191210);"None (candidate not yet proposed)";"" +5.7.28;5;7;28;CVE-2020-2814;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2814;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.18;8;0;18;CVE-2020-2853;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2892;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2893;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2895;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2896;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2897;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2898;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2901;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2903;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2904;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2921;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2923;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2924;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2925;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2926;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2928;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2020-2930;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 1.4.0;1;4;0;CVE-2020-5426;Candidate;"Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.";"CONFIRM:https://tanzu.vmware.com/security/cve-2020-5426 | URL:https://tanzu.vmware.com/security/cve-2020-5426";Assigned (20200103);"None (candidate not yet proposed)";"" 0.7.24;0;7;24;CVE-2020-5777;Candidate;"MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting max_connections (default 151) is lower than Apache (or another web server) setting MaxRequestWorkers (formerly MaxClients) (default 256). This can be done by sending at least 151 simultaneous requests to the Magento website to trigger a ""Too many connections"" error; then use default magmi:magmi basic authentication to remotely bypass authentication.";"MISC:https://www.tenable.com/security/research/tra-2020-51 | URL:https://www.tenable.com/security/research/tra-2020-51";Assigned (20200106);"None (candidate not yet proposed)";"" 10.4.7;10;4;7;CVE-2020-7221;Candidate;"mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely; as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product; which implements mysql_install_db differently.";"CONFIRM:https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618 | MISC:https://bugzilla.suse.com/show_bug.cgi?id=1160868 | MISC:https://seclists.org/oss-sec/2020/q1/55";Assigned (20200117);"None (candidate not yet proposed)";"" @@ -1349,44 +1349,116 @@ 2.2.0;2;2;0;CVE-2020-7920;Candidate;"pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service.";"MISC:https://jira.percona.com/browse/PMM-5232 | MISC:https://jira.percona.com/browse/PMM-5233 | MISC:https://www.percona.com/blog/2020/02/03/improvements-in-pmm-bug-fixes-in-percona-server-percona-backup-for-mongodb-alert-release-roundup-2-3-2020/ | MISC:https://www.percona.com/doc/percona-monitoring-and-management/2.x/release-notes/2.2.1.html";Assigned (20200123);"None (candidate not yet proposed)";"" 19.1.3;19;1;3;CVE-2020-8611;Candidate;"In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1; multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements.";"CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm#49677.htm | CONFIRM:https://status.moveitcloud.com/ | MISC:https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-Vulnerabilities-Feb-2020";Assigned (20200204);"None (candidate not yet proposed)";"" 19.2.0;19;2;0;CVE-2020-8611;Candidate;"In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1; multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements.";"CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm#49677.htm | CONFIRM:https://status.moveitcloud.com/ | MISC:https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-Vulnerabilities-Feb-2020";Assigned (20200204);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2021-1998;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -5.6.50;5;6;50;CVE-2021-2001;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -5.7.30;5;7;30;CVE-2021-2001;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.17;8;0;17;CVE-2021-2001;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2002;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2021-2009;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2021-2012;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -5.7.32;5;7;32;CVE-2021-2014;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 5.7.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2021-2016;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.19;8;0;19;CVE-2021-2019;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.20;8;0;20;CVE-2021-2020;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2021;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -5.6.50;5;6;50;CVE-2021-2022;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -5.7.32;5;7;32;CVE-2021-2022;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2022;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2024;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2021-2028;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2021-2030;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2031;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -5.7.32;5;7;32;CVE-2021-2032;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2032;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2036;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2038;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2021-2042;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2046;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2048;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.21;8;0;21;CVE-2021-2055;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2056;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2058;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -5.6.50;5;6;50;CVE-2021-2060;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -5.7.32;5;7;32;CVE-2021-2060;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2060;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2061;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2065;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2070;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2072;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2076;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2081;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2087;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2088;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" -8.0.22;8;0;22;CVE-2021-2122;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2021-1998;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.6.50;5;6;50;CVE-2021-2001;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.30;5;7;30;CVE-2021-2001;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.17;8;0;17;CVE-2021-2001;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2002;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2021-2009;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2021-2012;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.32;5;7;32;CVE-2021-2014;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 5.7.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2021-2016;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2021-2019;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.20;8;0;20;CVE-2021-2020;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2021;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.6.50;5;6;50;CVE-2021-2022;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.32;5;7;32;CVE-2021-2022;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2022;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2024;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2021-2028;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2021-2030;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2031;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.32;5;7;32;CVE-2021-2032;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2032;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2036;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2038;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2021-2042;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2046;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2048;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2021-2055;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2056;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2058;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.6.50;5;6;50;CVE-2021-2060;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.32;5;7;32;CVE-2021-2060;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2060;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2061;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2065;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2070;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2072;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2076;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2081;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2087;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2088;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2122;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.29;5;7;29;CVE-2021-2144;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.19;8;0;19;CVE-2021-2144;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.33;5;7;33;CVE-2021-2146;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2146;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.33;5;7;33;CVE-2021-2154;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-179f2fbb88 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEF5CRATUGQZUSQU63MHQIDZPOLHW2VE/ | FEDORA:FEDORA-2021-27187ac9dd | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GAU7KW36A6TQGKG3RUITYSVUFIHBY3OT/ | FEDORA:FEDORA-2021-68db93b130 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.30;5;7;30;CVE-2021-2160;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.17;8;0;17;CVE-2021-2160;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.33;5;7;33;CVE-2021-2162;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2162;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2164;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.33;5;7;33;CVE-2021-2166;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-179f2fbb88 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEF5CRATUGQZUSQU63MHQIDZPOLHW2VE/ | FEDORA:FEDORA-2021-27187ac9dd | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GAU7KW36A6TQGKG3RUITYSVUFIHBY3OT/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-68db93b130 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2166;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-179f2fbb88 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEF5CRATUGQZUSQU63MHQIDZPOLHW2VE/ | FEDORA:FEDORA-2021-27187ac9dd | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GAU7KW36A6TQGKG3RUITYSVUFIHBY3OT/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-68db93b130 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.33;5;7;33;CVE-2021-2169;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2169;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2170;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.33;5;7;33;CVE-2021-2171;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2171;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2172;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.33;5;7;33;CVE-2021-2174;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2174;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.32;5;7;32;CVE-2021-2178;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2178;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.33;5;7;33;CVE-2021-2179;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2179;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.33;5;7;33;CVE-2021-2180;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2180;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2193;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.33;5;7;33;CVE-2021-2194;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2194;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2196;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2201;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.32;5;7;32;CVE-2021-2202;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2202;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2203;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2208;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2212;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.22;8;0;22;CVE-2021-2213;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2215;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2217;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.33;5;7;33;CVE-2021-2226;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2226;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2230;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2232;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 1.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2278;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2293;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2298;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2299;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2300;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2301;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2304;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2305;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.33;5;7;33;CVE-2021-2307;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2307;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2308;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +0.20.2;0;20;2;CVE-2021-26919;Candidate;"Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2";"MISC:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | URL:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | MLIST:[druid-commits] 20210401 [GitHub] [druid] jihoonson merged pull request #11047: Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/re0910cf4c784897774427fecd95912fb565a6bd06d924a55e70bbbfc@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson merged pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r6bc68264170046448f823d12c17fd1fd875251d97d60869f58709872@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson opened a new pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864@%3Ccommits.druid.apache.org%3E | MLIST:[druid-dev] 20210331 Regarding the 0.21.0 release | URL:https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210401 Re: Subject: [CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems | URL:https://lists.apache.org/thread.html/re4c5deb0aae4bace69844d15c9fd1699e907ebfee93bc3926474d110@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/ra85fa7d31f9bec1148ffd2e4030934927caa8bff89bca9f61f75e697@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210414 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/rf3ea2a4018e87e6c45d36cf8479af7727dcc276edabd2f7cf59e0c5f@%3Cdev.druid.apache.org%3E";Assigned (20210209);"None (candidate not yet proposed)";"" +0.21.0;0;21;0;CVE-2021-26919;Candidate;"Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2";"MISC:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | URL:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | MLIST:[druid-commits] 20210401 [GitHub] [druid] jihoonson merged pull request #11047: Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/re0910cf4c784897774427fecd95912fb565a6bd06d924a55e70bbbfc@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson merged pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r6bc68264170046448f823d12c17fd1fd875251d97d60869f58709872@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson opened a new pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864@%3Ccommits.druid.apache.org%3E | MLIST:[druid-dev] 20210331 Regarding the 0.21.0 release | URL:https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210401 Re: Subject: [CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems | URL:https://lists.apache.org/thread.html/re4c5deb0aae4bace69844d15c9fd1699e907ebfee93bc3926474d110@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/ra85fa7d31f9bec1148ffd2e4030934927caa8bff89bca9f61f75e697@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210414 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/rf3ea2a4018e87e6c45d36cf8479af7727dcc276edabd2f7cf59e0c5f@%3Cdev.druid.apache.org%3E";Assigned (20210209);"None (candidate not yet proposed)";"" +10.2.36;10;2;36;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" +10.3.27;10;3;27;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" +10.4.17;10;4;17;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" +10.5.8;10;5;8;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" +19.0.5;19;0;5;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +11.0.5;11;0;5;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +19.1.4;19;1;4;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +11.1.4;11;1;4;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +19.2.1;19;2;1;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +11.2.1;11;2;1;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +20.0.4;20;0;4;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +12.0.4;12;0;4;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +20.1.3;20;1;3;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +12.1.3;12;1;3;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +21.0.0;21;0;0;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +13.0.0;13;0;0;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" From dde94aa343f9ce9313b7a769fc14b557d79432cd Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Mon, 5 Jul 2021 08:45:01 +0200 Subject: [PATCH 11/19] Create exec.yml --- .github/workflows/exec.yml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 .github/workflows/exec.yml diff --git a/.github/workflows/exec.yml b/.github/workflows/exec.yml new file mode 100644 index 0000000..f937a06 --- /dev/null +++ b/.github/workflows/exec.yml @@ -0,0 +1,36 @@ +# This is a basic workflow to help you get started with Actions + +name: CI + +# Controls when the workflow will run +on: + # Triggers the workflow on push or pull request events but only for the master branch + push: + branches: [ master ] + pull_request: + branches: [ master ] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "build" + build: + # The type of runner that the job will run on + runs-on: ubuntu-latest + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@v2 + + # Runs a single command using the runners shell + - name: Run a one-line script + run: echo Hello, world! + + # Runs a set of commands using the runners shell + - name: Run a multi-line script + run: | + echo Add other actions to build, + echo test, and deploy your project. From 78d8f3ed859a9815d782fc49a2525643e74479de Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Tue, 13 Jul 2021 18:56:52 +0200 Subject: [PATCH 12/19] Version 1.8.0: Support MariaDB 10.6 Update needed for MariaDB 10.6 #557 --- mysqltuner.pl | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 09fa6d3..fd8d599 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.29 +# mysqltuner.pl - Version 1.8.0 # High Performance MySQL Tuning Script # Copyright (C) 2006-2021 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.29"; +my $tunerversion = "1.8.0"; my ( @adjvars, @generalrec ); # Set defaults @@ -1669,17 +1669,18 @@ sub get_kernel_info { infoprint "TCP slot entries is > 100."; } - if ( `sysctl -n fs.aio-max-nr` < 1000000 ) { - badprint -"Max running total of the number of events is < 1M, please consider having a value greater than 1M"; - push @generalrec, "setup Max running number events greater than 1M"; - push @adjvars, - 'fs.aio-max-nr > 1M (echo 1048576 > /proc/sys/fs/aio-max-nr)'; - } - else { - infoprint "Max Number of AIO events is > 1M."; - } - + if ( -f "/proc/sys/fs/aio-max-nr" ) + { + if ( `sysctl -n fs.aio-max-nr` < 1000000 ) { + badprint + "Max running total of the number of events is < 1M, please consider having a value greater than 1M"; + push @generalrec, "setup Max running number events greater than 1M"; + push @adjvars, + 'fs.aio-max-nr > 1M (echo 1048576 > /proc/sys/fs/aio-max-nr)'; + } else { + infoprint "Max Number of AIO events is > 1M."; + } + } } sub get_system_info { @@ -2102,7 +2103,8 @@ sub validate_mysql_version { or mysql_version_eq( 10, 2 ) or mysql_version_eq( 10, 3 ) or mysql_version_eq( 10, 4 ) - or mysql_version_eq( 10, 5 ) ) + or mysql_version_eq( 10, 5 ) + or mysql_version_eq( 10, 6 ) ) { goodprint "Currently running supported MySQL version " . $myvar{'version'} . ""; @@ -2809,6 +2811,8 @@ sub calculations { } # InnoDB + $myvar{'innodb_log_files_in_group'} = 1 unless defined($myvar{'innodb_log_files_in_group'}); + $myvar{"innodb_buffer_pool_instances"} = 1 unless defined($myvar{'innodb_buffer_pool_instances'}); if ( $myvar{'have_innodb'} eq "YES" ) { $mycalc{'innodb_log_size_pct'} = ( $myvar{'innodb_log_file_size'} * @@ -6561,7 +6565,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.29 - MySQL High Performance Tuning Script + MySQLTuner 1.8.0 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From 7a2a0f1b13a95df41799a4c444ebd14dab322203 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Thu, 15 Jul 2021 17:02:24 +0200 Subject: [PATCH 13/19] Illegal division by zero at ./mysqltuner.pl line 2745 #558 Wrong table cache hit rate calculation #548 --- mysqltuner.pl | 46 +++++++++++++++++++++++++++++++++------------- 1 file changed, 33 insertions(+), 13 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index fd8d599..70b9577 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -2742,18 +2742,18 @@ sub calculations { # Table cache if ( $mystat{'Opened_tables'} > 0 ) { - $mycalc{'table_cache_hit_rate'} = + if (not defined($mystat{'Table_open_cache_hits'})) { + $mycalc{'table_cache_hit_rate'} = + int( $mystat{'Open_tables'} * 100 / $mystat{'Opened_tables'} ); + } else { + $mycalc{'table_cache_hit_rate'} = + int( + $mystat{'Table_open_cache_hits'} * 100 / ( + $mystat{'Table_open_cache_hits'} + + $mystat{'Table_open_cache_misses'} ) ); + } - #int( $mystat{'Open_tables'} * 100 / $mystat{'Opened_tables'} ); - int( - $mystat{'Table_open_cache_hits'} * 100 / ( - $mystat{'Table_open_cache_hits'} + - $mystat{'Table_open_cache_misses'} - ) - ); - - } - else { + } else { $mycalc{'table_cache_hit_rate'} = 100; } @@ -3303,12 +3303,23 @@ sub mysql_stats { my $table_cache_var = ""; if ( $mystat{'Open_tables'} > 0 ) { if ( $mycalc{'table_cache_hit_rate'} < 20 ) { - badprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" + + unless (defined($mystat{'Table_open_cache_hits'})) { + badprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" + . hr_num( $mystat{'Open_tables'} ) + . " hits / " + . hr_num( $mystat{'Opened_tables'} ) + . " requests)"; + } else { + badprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" . hr_num( $mystat{'Table_open_cache_hits'} ) . " hits / " . hr_num( $mystat{'Table_open_cache_hits'} + $mystat{'Table_open_cache_misses'} ) . " requests)"; + } + + if ( mysql_version_ge( 5, 1 ) ) { $table_cache_var = "table_open_cache"; } @@ -3349,12 +3360,21 @@ sub mysql_stats { . ")" ); } else { - goodprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" + unless (defined($mystat{'Table_open_cache_hits'})) { + goodprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" + . hr_num( $mystat{'Open_tables'} ) + . " hits / " + . hr_num( $mystat{'Opened_tables'} ) + . " requests)"; + } else { + goodprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" . hr_num( $mystat{'Table_open_cache_hits'} ) . " hits / " . hr_num( $mystat{'Table_open_cache_hits'} + $mystat{'Table_open_cache_misses'} ) . " requests)"; + } + } } From 7aa57fa7702d17973d39e7705531f407c91e37ed Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Thu, 15 Jul 2021 17:03:00 +0200 Subject: [PATCH 14/19] Illegal division by zero at ./mysqltuner.pl line 2745 #558 Wrong table cache hit rate calculation #548 --- mysqltuner.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 70b9577..f43e39e 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.8.0 +# mysqltuner.pl - Version 1.8.1 # High Performance MySQL Tuning Script # Copyright (C) 2006-2021 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.8.0"; +my $tunerversion = "1.8.1"; my ( @adjvars, @generalrec ); # Set defaults @@ -6585,7 +6585,7 @@ __END__ =head1 NAME - MySQLTuner 1.8.0 - MySQL High Performance Tuning Script + MySQLTuner 1.8.1 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From 6584233c722379d86da10e4ea45467a3a56bb036 Mon Sep 17 00:00:00 2001 From: Jan Willamowius Date: Sat, 17 Jul 2021 08:35:44 +0200 Subject: [PATCH 15/19] fix English grammar --- mysqltuner.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index f43e39e..42077a2 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1360,14 +1360,14 @@ sub log_file_recommendations { if ( $nbWarnLog > 0 ) { badprint "$myvar{'log_error'} contains $nbWarnLog warning(s)."; push @generalrec, - "Control warning line(s) into $myvar{'log_error'} file"; + "Check warning line(s) in $myvar{'log_error'} file"; } else { goodprint "$myvar{'log_error'} doesn't contain any warning."; } if ( $nbErrLog > 0 ) { badprint "$myvar{'log_error'} contains $nbErrLog error(s)."; - push @generalrec, "Control error line(s) into $myvar{'log_error'} file"; + push @generalrec, "Check error line(s) in $myvar{'log_error'} file"; } else { goodprint "$myvar{'log_error'} doesn't contain any error."; From d37a1f7c792686f252990ebc476b41c25a411e96 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Wed, 25 Aug 2021 11:56:11 +0200 Subject: [PATCH 16/19] Update Vulnerabilities list Indenting mysqltuner Update Usage information --- USAGE.md | 156 ------------------------------------------------------- 1 file changed, 156 deletions(-) diff --git a/USAGE.md b/USAGE.md index 9ecfa92..e69de29 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,156 +0,0 @@ -# NAME - - MySQLTuner 1.7.29 - MySQL High Performance Tuning Script - -# IMPORTANT USAGE GUIDELINES - -To run the script with the default options, run the script without arguments -Allow MySQL server to run for at least 24-48 hours before trusting suggestions -Some routines may require root level privileges (script will provide warnings) -You must provide the remote server's total memory when connecting to other servers - -# CONNECTION AND AUTHENTICATION - - --host Connect to a remote host to perform tests (default: localhost) - --socket Use a different socket for a local connection - --port Port to use for connection (default: 3306) - --user Username to use for authentication - --userenv Name of env variable which contains username to use for authentication - --pass Password to use for authentication - --passenv Name of env variable which contains password to use for authentication - --ssl-ca Path to public key - --mysqladmin Path to a custom mysqladmin executable - --mysqlcmd Path to a custom mysql executable - --defaults-file Path to a custom .my.cnf - --server-log Path to explict log file - -# PERFORMANCE AND REPORTING OPTIONS - - --skipsize Don't enumerate tables and their types/sizes (default: on) - (Recommended for servers with many tables) - --skippassword Don't perform checks on user passwords(default: off) - --checkversion Check for updates to MySQLTuner (default: don't check) - --updateversion Check for updates to MySQLTuner and update when newer version is available (default: don't check) - --forcemem Amount of RAM installed in megabytes - --forceswap Amount of swap memory configured in megabytes - --passwordfile Path to a password file list(one password by line) - -# OUTPUT OPTIONS - - --silent Don't output anything on screen - --nogood Remove OK responses - --nobad Remove negative/suggestion responses - --noinfo Remove informational responses - --debug Print debug information - --noprocess Consider no other process is running - --dbstat Print database information - --nodbstat Don't Print database information - --tbstat Print table information - --notbstat Don't Print table information - --colstat Print column information - --nocolstat Don't Print column information - --idxstat Print index information - --noidxstat Don't Print index information - --sysstat Print system information - --nosysstat Don't Print system information - --pfstat Print Performance schema - --nopfstat Don't Print Performance schema - --verbose Prints out all options (default: no verbose, dbstat, idxstat, sysstat, tbstat, pfstat) - --bannedports Ports banned separated by comma(,) - --maxportallowed Number of ports opened allowed on this hosts - --cvefile CVE File for vulnerability checks - --nocolor Don't print output in color - --json Print result as JSON string - --buffers Print global and per-thread buffer values - --outputfile Path to a output txt file - --reportfile Path to a report txt file - --template Path to a template file - -# PERLDOC - -You can find documentation for this module with the perldoc command. - - perldoc mysqltuner - -## INTERNALS - -[https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md) - - Internal documentation - -# AUTHORS - -Major Hayden - major@mhtx.net - -# CONTRIBUTORS - -- Matthew Montgomery -- Paul Kehrer -- Dave Burgess -- Jonathan Hinds -- Mike Jackson -- Nils Breunese -- Shawn Ashlee -- Luuk Vosslamber -- Ville Skytta -- Trent Hornibrook -- Jason Gill -- Mark Imbriaco -- Greg Eden -- Aubin Galinotti -- Giovanni Bechis -- Bill Bradford -- Ryan Novosielski -- Michael Scheidell -- Blair Christensen -- Hans du Plooy -- Victor Trac -- Everett Barnes -- Tom Krouper -- Gary Barrueto -- Simon Greenaway -- Adam Stein -- Isart Montane -- Baptiste M. -- Cole Turner -- Major Hayden -- Joe Ashcraft -- Jean-Marie Renouard -- Stephan GroBberndt -- Christian Loos - -# SUPPORT - -Bug reports, feature requests, and downloads at http://mysqltuner.pl/ - -Bug tracker can be found at https://github.com/major/MySQLTuner-perl/issues - -Maintained by Major Hayden (major\\@mhtx.net) - Licensed under GPL - -# SOURCE CODE - -[https://github.com/major/MySQLTuner-perl](https://github.com/major/MySQLTuner-perl) - - git clone https://github.com/major/MySQLTuner-perl.git - -# COPYRIGHT AND LICENSE - -Copyright (C) 2006-2021 Major Hayden - major@mhtx.net - -For the latest updates, please visit http://mysqltuner.pl/ - -Git repository available at https://github.com/major/MySQLTuner-perl - -This program is free software: you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation, either version 3 of the License, or -(at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - See the GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see <https://www.gnu.org/licenses/>. From 1e9920b545005388be74595e07805cf0ea1435ee Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Wed, 25 Aug 2021 12:01:28 +0200 Subject: [PATCH 17/19] Update Vulnerabilities list Indenting mysqltuner Update Usage information --- USAGE.md | 156 ++++++++++++++++++++++++++++++++++++++++++++++++++ mysqltuner.pl | 128 ++++++++++++++++++++++------------------- 2 files changed, 225 insertions(+), 59 deletions(-) diff --git a/USAGE.md b/USAGE.md index e69de29..98a6018 100644 --- a/USAGE.md +++ b/USAGE.md @@ -0,0 +1,156 @@ +# NAME + + MySQLTuner 1.8.1 - MySQL High Performance Tuning Script + +# IMPORTANT USAGE GUIDELINES + +To run the script with the default options, run the script without arguments +Allow MySQL server to run for at least 24-48 hours before trusting suggestions +Some routines may require root level privileges (script will provide warnings) +You must provide the remote server's total memory when connecting to other servers + +# CONNECTION AND AUTHENTICATION + + --host Connect to a remote host to perform tests (default: localhost) + --socket Use a different socket for a local connection + --port Port to use for connection (default: 3306) + --user Username to use for authentication + --userenv Name of env variable which contains username to use for authentication + --pass Password to use for authentication + --passenv Name of env variable which contains password to use for authentication + --ssl-ca Path to public key + --mysqladmin Path to a custom mysqladmin executable + --mysqlcmd Path to a custom mysql executable + --defaults-file Path to a custom .my.cnf + --server-log Path to explict log file + +# PERFORMANCE AND REPORTING OPTIONS + + --skipsize Don't enumerate tables and their types/sizes (default: on) + (Recommended for servers with many tables) + --skippassword Don't perform checks on user passwords(default: off) + --checkversion Check for updates to MySQLTuner (default: don't check) + --updateversion Check for updates to MySQLTuner and update when newer version is available (default: don't check) + --forcemem Amount of RAM installed in megabytes + --forceswap Amount of swap memory configured in megabytes + --passwordfile Path to a password file list(one password by line) + +# OUTPUT OPTIONS + + --silent Don't output anything on screen + --nogood Remove OK responses + --nobad Remove negative/suggestion responses + --noinfo Remove informational responses + --debug Print debug information + --noprocess Consider no other process is running + --dbstat Print database information + --nodbstat Don't Print database information + --tbstat Print table information + --notbstat Don't Print table information + --colstat Print column information + --nocolstat Don't Print column information + --idxstat Print index information + --noidxstat Don't Print index information + --sysstat Print system information + --nosysstat Don't Print system information + --pfstat Print Performance schema + --nopfstat Don't Print Performance schema + --verbose Prints out all options (default: no verbose, dbstat, idxstat, sysstat, tbstat, pfstat) + --bannedports Ports banned separated by comma(,) + --maxportallowed Number of ports opened allowed on this hosts + --cvefile CVE File for vulnerability checks + --nocolor Don't print output in color + --json Print result as JSON string + --buffers Print global and per-thread buffer values + --outputfile Path to a output txt file + --reportfile Path to a report txt file + --template Path to a template file + +# PERLDOC + +You can find documentation for this module with the perldoc command. + + perldoc mysqltuner + +## INTERNALS + +[https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md) + + Internal documentation + +# AUTHORS + +Major Hayden - major@mhtx.net + +# CONTRIBUTORS + +- Matthew Montgomery +- Paul Kehrer +- Dave Burgess +- Jonathan Hinds +- Mike Jackson +- Nils Breunese +- Shawn Ashlee +- Luuk Vosslamber +- Ville Skytta +- Trent Hornibrook +- Jason Gill +- Mark Imbriaco +- Greg Eden +- Aubin Galinotti +- Giovanni Bechis +- Bill Bradford +- Ryan Novosielski +- Michael Scheidell +- Blair Christensen +- Hans du Plooy +- Victor Trac +- Everett Barnes +- Tom Krouper +- Gary Barrueto +- Simon Greenaway +- Adam Stein +- Isart Montane +- Baptiste M. +- Cole Turner +- Major Hayden +- Joe Ashcraft +- Jean-Marie Renouard +- Stephan GroBberndt +- Christian Loos + +# SUPPORT + +Bug reports, feature requests, and downloads at http://mysqltuner.pl/ + +Bug tracker can be found at https://github.com/major/MySQLTuner-perl/issues + +Maintained by Major Hayden (major\\@mhtx.net) - Licensed under GPL + +# SOURCE CODE + +[https://github.com/major/MySQLTuner-perl](https://github.com/major/MySQLTuner-perl) + + git clone https://github.com/major/MySQLTuner-perl.git + +# COPYRIGHT AND LICENSE + +Copyright (C) 2006-2021 Major Hayden - major@mhtx.net + +For the latest updates, please visit http://mysqltuner.pl/ + +Git repository available at https://github.com/major/MySQLTuner-perl + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + + See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see <https://www.gnu.org/licenses/>. diff --git a/mysqltuner.pl b/mysqltuner.pl index f43e39e..9c4b9ab 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -204,7 +204,7 @@ $opt{dbstat} = 0 if ( $opt{nodbstat} == 1 ); # Don't Print database information $opt{noprocess} = 0 if ( $opt{noprocess} == 1 ); # Don't Print process information $opt{sysstat} = 0 if ( $opt{nosysstat} == 1 ); # Don't Print sysstat information -$opt{pfstat} = 0 +$opt{pfstat} = 0 if ( $opt{nopfstat} == 1 ); # Don't Print performance schema information $opt{idxstat} = 0 if ( $opt{noidxstat} == 1 ); # Don't Print index information @@ -1669,18 +1669,18 @@ sub get_kernel_info { infoprint "TCP slot entries is > 100."; } - if ( -f "/proc/sys/fs/aio-max-nr" ) - { - if ( `sysctl -n fs.aio-max-nr` < 1000000 ) { - badprint - "Max running total of the number of events is < 1M, please consider having a value greater than 1M"; - push @generalrec, "setup Max running number events greater than 1M"; - push @adjvars, - 'fs.aio-max-nr > 1M (echo 1048576 > /proc/sys/fs/aio-max-nr)'; - } else { - infoprint "Max Number of AIO events is > 1M."; - } - } + if ( -f "/proc/sys/fs/aio-max-nr" ) { + if ( `sysctl -n fs.aio-max-nr` < 1000000 ) { + badprint +"Max running total of the number of events is < 1M, please consider having a value greater than 1M"; + push @generalrec, "setup Max running number events greater than 1M"; + push @adjvars, + 'fs.aio-max-nr > 1M (echo 1048576 > /proc/sys/fs/aio-max-nr)'; + } + else { + infoprint "Max Number of AIO events is > 1M."; + } + } } sub get_system_info { @@ -2070,7 +2070,7 @@ sub get_replication_status { "This replication slave is not running but seems to be configured."; } if ( defined($io_running) - && $io_running =~ /yes/i + && $io_running =~ /yes/i && $sql_running =~ /yes/i ) { if ( $myvar{'read_only'} eq 'OFF' ) { @@ -2742,18 +2742,21 @@ sub calculations { # Table cache if ( $mystat{'Opened_tables'} > 0 ) { - if (not defined($mystat{'Table_open_cache_hits'})) { - $mycalc{'table_cache_hit_rate'} = - int( $mystat{'Open_tables'} * 100 / $mystat{'Opened_tables'} ); - } else { - $mycalc{'table_cache_hit_rate'} = - int( - $mystat{'Table_open_cache_hits'} * 100 / ( - $mystat{'Table_open_cache_hits'} + - $mystat{'Table_open_cache_misses'} ) ); - } + if ( not defined( $mystat{'Table_open_cache_hits'} ) ) { + $mycalc{'table_cache_hit_rate'} = + int( $mystat{'Open_tables'} * 100 / $mystat{'Opened_tables'} ); + } + else { + $mycalc{'table_cache_hit_rate'} = int( + $mystat{'Table_open_cache_hits'} * 100 / ( + $mystat{'Table_open_cache_hits'} + + $mystat{'Table_open_cache_misses'} + ) + ); + } - } else { + } + else { $mycalc{'table_cache_hit_rate'} = 100; } @@ -2811,8 +2814,10 @@ sub calculations { } # InnoDB - $myvar{'innodb_log_files_in_group'} = 1 unless defined($myvar{'innodb_log_files_in_group'}); - $myvar{"innodb_buffer_pool_instances"} = 1 unless defined($myvar{'innodb_buffer_pool_instances'}); + $myvar{'innodb_log_files_in_group'} = 1 + unless defined( $myvar{'innodb_log_files_in_group'} ); + $myvar{"innodb_buffer_pool_instances"} = 1 + unless defined( $myvar{'innodb_buffer_pool_instances'} ); if ( $myvar{'have_innodb'} eq "YES" ) { $mycalc{'innodb_log_size_pct'} = ( $myvar{'innodb_log_file_size'} * @@ -3304,21 +3309,23 @@ sub mysql_stats { if ( $mystat{'Open_tables'} > 0 ) { if ( $mycalc{'table_cache_hit_rate'} < 20 ) { - unless (defined($mystat{'Table_open_cache_hits'})) { - badprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" - . hr_num( $mystat{'Open_tables'} ) - . " hits / " - . hr_num( $mystat{'Opened_tables'} ) - . " requests)"; - } else { - badprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" - . hr_num( $mystat{'Table_open_cache_hits'} ) - . " hits / " - . hr_num( $mystat{'Table_open_cache_hits'} + - $mystat{'Table_open_cache_misses'} ) - . " requests)"; - } - + unless ( defined( $mystat{'Table_open_cache_hits'} ) ) { + badprint + "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" + . hr_num( $mystat{'Open_tables'} ) + . " hits / " + . hr_num( $mystat{'Opened_tables'} ) + . " requests)"; + } + else { + badprint + "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" + . hr_num( $mystat{'Table_open_cache_hits'} ) + . " hits / " + . hr_num( $mystat{'Table_open_cache_hits'} + + $mystat{'Table_open_cache_misses'} ) + . " requests)"; + } if ( mysql_version_ge( 5, 1 ) ) { $table_cache_var = "table_open_cache"; @@ -3360,20 +3367,23 @@ sub mysql_stats { . ")" ); } else { - unless (defined($mystat{'Table_open_cache_hits'})) { - goodprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" - . hr_num( $mystat{'Open_tables'} ) - . " hits / " - . hr_num( $mystat{'Opened_tables'} ) - . " requests)"; - } else { - goodprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" - . hr_num( $mystat{'Table_open_cache_hits'} ) - . " hits / " - . hr_num( $mystat{'Table_open_cache_hits'} + - $mystat{'Table_open_cache_misses'} ) - . " requests)"; - } + unless ( defined( $mystat{'Table_open_cache_hits'} ) ) { + goodprint + "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" + . hr_num( $mystat{'Open_tables'} ) + . " hits / " + . hr_num( $mystat{'Opened_tables'} ) + . " requests)"; + } + else { + goodprint + "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" + . hr_num( $mystat{'Table_open_cache_hits'} ) + . " hits / " + . hr_num( $mystat{'Table_open_cache_hits'} + + $mystat{'Table_open_cache_misses'} ) + . " requests)"; + } } } @@ -5349,7 +5359,7 @@ sub trim { sub get_wsrep_options { return () unless defined $myvar{'wsrep_provider_options'}; - my @galera_options = split /;/, $myvar{'wsrep_provider_options'}; + my @galera_options = split /;/, $myvar{'wsrep_provider_options'}; my $wsrep_slave_threads = $myvar{'wsrep_slave_threads'}; push @galera_options, ' wsrep_slave_threads = ' . $wsrep_slave_threads; @galera_options = remove_cr @galera_options; @@ -5371,7 +5381,7 @@ sub get_wsrep_option { my @galera_options = get_wsrep_options; return '' unless scalar(@galera_options) > 0; my @memValues = grep /\s*$key =/, @galera_options; - my $memValue = $memValues[0]; + my $memValue = $memValues[0]; return 0 unless defined $memValue; $memValue =~ s/.*=\s*(.+)$/$1/g; return $memValue; @@ -5542,7 +5552,7 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" goodprint "Galera Cluster address is defined: " . $myvar{'wsrep_cluster_address'}; my @NodesTmp = split /,/, $myvar{'wsrep_cluster_address'}; - my $nbNodes = @NodesTmp; + my $nbNodes = @NodesTmp; infoprint "There are $nbNodes nodes in wsrep_cluster_address"; my $nbNodesSize = trim( $mystat{'wsrep_cluster_size'} ); if ( $nbNodesSize == 3 or $nbNodesSize == 5 ) { From 645e034efd0c2cef3007960db0c4a65d30c5c78b Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Wed, 25 Aug 2021 12:03:29 +0200 Subject: [PATCH 18/19] Update Vulnerabilities list Indenting mysqltuner Update Usage information --- vulnerabilities.csv | 68 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/vulnerabilities.csv b/vulnerabilities.csv index 1596eae..ebebe07 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -1444,12 +1444,56 @@ 5.7.33;5;7;33;CVE-2021-2307;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2307;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2308;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2339;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2340;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2342;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2342;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2352;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2354;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2356;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2356;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2357;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2367;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2370;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2372;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2372;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2374;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2383;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2384;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2385;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2385;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2387;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2389;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-880/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2389;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-880/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2390;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-881/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2390;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-881/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2399;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2402;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2410;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2021-2412;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2417;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2418;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2422;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2424;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2425;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2426;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2427;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2429;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-889/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2437;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2440;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2441;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2444;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 0.20.2;0;20;2;CVE-2021-26919;Candidate;"Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2";"MISC:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | URL:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | MLIST:[druid-commits] 20210401 [GitHub] [druid] jihoonson merged pull request #11047: Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/re0910cf4c784897774427fecd95912fb565a6bd06d924a55e70bbbfc@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson merged pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r6bc68264170046448f823d12c17fd1fd875251d97d60869f58709872@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson opened a new pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864@%3Ccommits.druid.apache.org%3E | MLIST:[druid-dev] 20210331 Regarding the 0.21.0 release | URL:https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210401 Re: Subject: [CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems | URL:https://lists.apache.org/thread.html/re4c5deb0aae4bace69844d15c9fd1699e907ebfee93bc3926474d110@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/ra85fa7d31f9bec1148ffd2e4030934927caa8bff89bca9f61f75e697@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210414 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/rf3ea2a4018e87e6c45d36cf8479af7727dcc276edabd2f7cf59e0c5f@%3Cdev.druid.apache.org%3E";Assigned (20210209);"None (candidate not yet proposed)";"" 0.21.0;0;21;0;CVE-2021-26919;Candidate;"Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2";"MISC:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | URL:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | MLIST:[druid-commits] 20210401 [GitHub] [druid] jihoonson merged pull request #11047: Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/re0910cf4c784897774427fecd95912fb565a6bd06d924a55e70bbbfc@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson merged pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r6bc68264170046448f823d12c17fd1fd875251d97d60869f58709872@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson opened a new pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864@%3Ccommits.druid.apache.org%3E | MLIST:[druid-dev] 20210331 Regarding the 0.21.0 release | URL:https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210401 Re: Subject: [CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems | URL:https://lists.apache.org/thread.html/re4c5deb0aae4bace69844d15c9fd1699e907ebfee93bc3926474d110@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/ra85fa7d31f9bec1148ffd2e4030934927caa8bff89bca9f61f75e697@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210414 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/rf3ea2a4018e87e6c45d36cf8479af7727dcc276edabd2f7cf59e0c5f@%3Cdev.druid.apache.org%3E";Assigned (20210209);"None (candidate not yet proposed)";"" 10.2.36;10;2;36;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 10.3.27;10;3;27;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 10.4.17;10;4;17;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 10.5.8;10;5;8;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" +2.11.10;2;11;10;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/";Assigned (20210512);"None (candidate not yet proposed)";"" +2.12.0;2;12;0;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/";Assigned (20210512);"None (candidate not yet proposed)";"" +2.12.4;2;12;4;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/";Assigned (20210512);"None (candidate not yet proposed)";"" +2.8.0;2;8;0;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/";Assigned (20210512);"None (candidate not yet proposed)";"" +2.12.5;2;12;5;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/";Assigned (20210512);"None (candidate not yet proposed)";"" 19.0.5;19;0;5;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 11.0.5;11;0;5;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 19.1.4;19;1;4;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" @@ -1462,3 +1506,27 @@ 12.1.3;12;1;3;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 21.0.0;21;0;0;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 13.0.0;13;0;0;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +21.0.2;21;0;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +13.0.2;13;0;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +19.0.6;19;0;6;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +11.0.6;11;0;6;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +19.1.5;19;1;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +11.1.5;11;1;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +19.2.2;19;2;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +11.2.2;11;2;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +20.0.5;20;0;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +12.0.5;12;0;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +20.1.4;20;1;4;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +12.1.4;12;1;4;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +21.0.3;21;0;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +13.0.3;13;0;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +19.0.7;19;0;7;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +11.0.7;11;0;7;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +19.1.6;19;1;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +11.1.6;11;1;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +19.2.3;19;2;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +11.2.3;11;2;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +20.0.6;20;0;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +12.0.6;12;0;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +20.1.5;20;1;5;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +12.1.5;12;1;5;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" From 911b1294fa8f9d4d8543b1a8e432b09c35df4268 Mon Sep 17 00:00:00 2001 From: Steve8291 Date: Thu, 26 Aug 2021 10:21:23 -0400 Subject: [PATCH 19/19] Fix Replication Status Reference Issue #553 Reversing the check for version of mysql or mariadb to use correct command. --- mysqltuner.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 637e5af..a9992ff 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1179,20 +1179,20 @@ sub get_all_vars { my @mysqlslave; if ( mysql_version_eq(8) or mysql_version_ge( 10, 5 ) ) { - @mysqlslave = select_array("SHOW SLAVE STATUS\\G"); + @mysqlslave = select_array("SHOW REPLICA STATUS\\G"); } else { - @mysqlslave = select_array("SHOW REPLICA STATUS\\G"); + @mysqlslave = select_array("SHOW SLAVE STATUS\\G"); } arr2hash( \%myrepl, \@mysqlslave, ':' ); $result{'Replication'}{'Status'} = \%myrepl; my @mysqlslaves; if ( mysql_version_eq(8) or mysql_version_ge( 10, 5 ) ) { - @mysqlslaves = select_array "SHOW SLAVE HOSTS"; + @mysqlslaves = select_array "SHOW SLAVE STATUS"; } else { - @mysqlslaves = select_array("SHOW SLAVE STATUS\\G"); + @mysqlslaves = select_array("SHOW SLAVE HOSTS\\G"); } my @lineitems = ();