diff --git a/mysqltuner.pl b/mysqltuner.pl index a9f1741..5453e37 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -212,7 +212,7 @@ if ( $opt{verbose} ) { $opt{nocolor} = 1 if defined( $opt{outputfile} ); $opt{tbstat} = 0 if ( $opt{notbstat} == 1 ); # Don't print table information $opt{colstat} = 0 if ( $opt{nocolstat} == 1 ); # Don't print column information -$opt{dbstat} = 0 if ( $opt{nodbstat} == 1 ); # Don't print database information +$opt{dbstat} = 0 if ( $opt{nodbstat} == 1 ); # Don't print database information $opt{noprocess} = 0 if ( $opt{noprocess} == 1 ); # Don't print process information $opt{sysstat} = 0 if ( $opt{nosysstat} == 1 ); # Don't print sysstat information @@ -1309,8 +1309,8 @@ sub get_all_vars { my @lineitems = (); foreach my $line (@mysqlslaves) { debugprint "L: $line "; - @lineitems = split /\s+/, $line; - $myslaves{ $lineitems[0] } = $line; + @lineitems = split /\s+/, $line; + $myslaves{ $lineitems[0] } = $line; $result{'Replication'}{'Slaves'}{ $lineitems[0] } = $lineitems[4]; } } @@ -1461,7 +1461,7 @@ sub log_file_recommendations { $numLi++; debugprint "$numLi: $logLi" if $logLi =~ /warning|error/i and $logLi !~ /Logging to/; - $nbErrLog++ if $logLi =~ /error/i and $logLi !~ /Logging to/; + $nbErrLog++ if $logLi =~ /error/i and $logLi !~ /Logging to/; $nbWarnLog++ if $logLi =~ /warning/i; push @lastShutdowns, $logLi if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i; @@ -2225,7 +2225,7 @@ sub get_replication_status { "This replication slave is not running but seems to be configured."; } if ( defined($io_running) - && $io_running =~ /yes/i + && $io_running =~ /yes/i && $sql_running =~ /yes/i ) { if ( $myvar{'read_only'} eq 'OFF' ) { diff --git a/vulnerabilities.csv b/vulnerabilities.csv index 1596eae..af3f14b 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv 
@@ -28,8 +28,8 @@ 5.0.65;5;0;65;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-671-1 | 
URL:http://www.ubuntu.com/usn/USN-671-1 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)";"" 5.1.25;5;1;25;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:36566 | 
URL:http://secunia.com/advisories/36566 | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)";"" 6.0.5;6;0;5;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | 
URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)";"" -5.0.87;5;0;87;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | OVAL:oval:org.mitre.oval:def:10940 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | OVAL:oval:org.mitre.oval:def:8510 | 
URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510 | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)";"" -5.1.40;5;1;40;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | OVAL:oval:org.mitre.oval:def:10940 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510 | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | VUPEN:ADV-2010-1107 | 
URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)";"" +5.0.87;5;0;87;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MISC:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107 | MISC:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | MISC:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | MISC:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MISC:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MISC:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MISC:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | MISC:http://bugs.mysql.com/47320 | URL:http://bugs.mysql.com/47320 | MISC:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | URL:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | MISC:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | URL:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | MISC:oval:org.mitre.oval:def:10940 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | MISC:oval:org.mitre.oval:def:8510 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510";Assigned (20091120);"None (candidate not yet proposed)";"" +5.1.40;5;1;40;CVE-2009-4028;Candidate;"The vio_verify_callback function in 
viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MISC:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107 | MISC:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | MISC:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | MISC:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MISC:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MISC:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MISC:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | MISC:http://bugs.mysql.com/47320 | URL:http://bugs.mysql.com/47320 | MISC:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | URL:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | MISC:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | URL:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | MISC:oval:org.mitre.oval:def:10940 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | MISC:oval:org.mitre.oval:def:8510 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510";Assigned (20091120);"None (candidate not yet proposed)";"" 1.9.8;1;9;8;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; 
and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_demo.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://intevydis.com/vd-list.shtml | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | OSVDB:61956 | URL:http://www.osvdb.org/61956 | 
SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)";"" 5.0.89;5;0;89;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. 
NOTE: this was originally reported for MySQL 5.0.51a.";"BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_demo.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://intevydis.com/vd-list.shtml | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38517 | 
URL:http://secunia.com/advisories/38517 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)";"" 5.1.42;5;1;42;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. 
NOTE: this was originally reported for MySQL 5.0.51a.";"BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_demo.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://intevydis.com/vd-list.shtml | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38517 | 
URL:http://secunia.com/advisories/38517 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)";"" 
@@ -113,11 +113,11 @@ 5.5.27;5;5;27;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-optimize-dos(79389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79389";Assigned (20120606);"None (candidate not yet proposed)";"" 5.1.64;5;1;64;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 
| XF:mysqlserver-serverreplication-dos(79393) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79393";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.26;5;5;26;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-serverreplication-dos(79393) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79393";Assigned (20120606);"None (candidate not yet proposed)";"" -5.5.28;5;5;28;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. 
NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"BID:55498 | URL:http://www.securityfocus.com/bid/55498 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" -5.1.61;5;1;61;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. 
NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"BID:55498 | URL:http://www.securityfocus.com/bid/55498 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" -5.2.11;5;2;11;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. 
NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"BID:55498 | URL:http://www.securityfocus.com/bid/55498 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" -5.3.6;5;3;6;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. 
NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"BID:55498 | URL:http://www.securityfocus.com/bid/55498 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" -5.5.24;5;5;24;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. 
NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"BID:55498 | URL:http://www.securityfocus.com/bid/55498 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" +5.5.28;5;5;28;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. 
NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MISC:55498 | URL:http://www.securityfocus.com/bid/55498 | MISC:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MISC:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | URL:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | URL:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | MISC:https://mariadb.atlassian.net/browse/MDEV-382 | URL:https://mariadb.atlassian.net/browse/MDEV-382 | MISC:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | MISC:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | MISC:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | MISC:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" +5.1.61;5;1;61;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. 
NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MISC:55498 | URL:http://www.securityfocus.com/bid/55498 | MISC:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MISC:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | URL:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | URL:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | MISC:https://mariadb.atlassian.net/browse/MDEV-382 | URL:https://mariadb.atlassian.net/browse/MDEV-382 | MISC:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | MISC:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | MISC:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | MISC:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" +5.2.11;5;2;11;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. 
NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MISC:55498 | URL:http://www.securityfocus.com/bid/55498 | MISC:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MISC:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | URL:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | URL:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | MISC:https://mariadb.atlassian.net/browse/MDEV-382 | URL:https://mariadb.atlassian.net/browse/MDEV-382 | MISC:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | MISC:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | MISC:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | MISC:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" +5.3.6;5;3;6;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. 
NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MISC:55498 | URL:http://www.securityfocus.com/bid/55498 | MISC:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MISC:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | URL:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | URL:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | MISC:https://mariadb.atlassian.net/browse/MDEV-382 | URL:https://mariadb.atlassian.net/browse/MDEV-382 | MISC:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | MISC:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | MISC:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | MISC:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" +5.5.24;5;5;24;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. 
NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MISC:55498 | URL:http://www.securityfocus.com/bid/55498 | MISC:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MISC:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | URL:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | URL:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | MISC:https://mariadb.atlassian.net/browse/MDEV-382 | URL:https://mariadb.atlassian.net/browse/MDEV-382 | MISC:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | MISC:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | MISC:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | MISC:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" 5.1.65;5;1;65;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | 
URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120921);"None (candidate not yet proposed)";"" 5.5.27;5;5;27;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120921);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2012-5096;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16877 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16877 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120922);"None (candidate not yet proposed)";"" 
@@ -211,8 +211,8 @@ 5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102078 | URL:http://osvdb.org/102078 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)";"" 5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | 
CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102078 | URL:http://osvdb.org/102078 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)";"" 5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102078 | URL:http://osvdb.org/102078 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | 
URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)";"" -5.5.34;5;5;34;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"BID:65298 | URL:http://www.securityfocus.com/bid/65298 | CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECTRACK:1029708 | URL:http://www.securitytracker.com/id/1029708 | SECUNIA:52161 | URL:http://secunia.com/advisories/52161 | XF:mysql-cve20140001-bo(90901) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90901";Assigned (20131203);"None (candidate not yet proposed)";"" 
-02.565.63;02;565;63;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"BID:65298 | URL:http://www.securityfocus.com/bid/65298 | CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECTRACK:1029708 | URL:http://www.securitytracker.com/id/1029708 | SECUNIA:52161 | URL:http://secunia.com/advisories/52161 | XF:mysql-cve20140001-bo(90901) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90901";Assigned (20131203);"None (candidate not yet proposed)";"" +5.5.34;5;5;34;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"MISC:102713 | URL:http://osvdb.org/102713 | MISC:102714 | URL:http://www.osvdb.org/102714 | MISC:1029708 | URL:http://www.securitytracker.com/id/1029708 | MISC:52161 | URL:http://secunia.com/advisories/52161 | MISC:65298 | URL:http://www.securityfocus.com/bid/65298 | MISC:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | 
MISC:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | MISC:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | MISC:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | MISC:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | MISC:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | MISC:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | URL:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | MISC:https://mariadb.com/kb/en/mariadb-5535-changelog/ | URL:https://mariadb.com/kb/en/mariadb-5535-changelog/ | MISC:mysql-cve20140001-bo(90901) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90901";Assigned (20131203);"None (candidate not yet proposed)";"" +02.565.63;02;565;63;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"MISC:102713 | URL:http://osvdb.org/102713 | MISC:102714 | URL:http://www.osvdb.org/102714 | MISC:1029708 | URL:http://www.securitytracker.com/id/1029708 | MISC:52161 | URL:http://secunia.com/advisories/52161 | MISC:65298 | URL:http://www.securityfocus.com/bid/65298 | MISC:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MISC:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | MISC:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | MISC:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | MISC:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | MISC:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | 
MISC:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | URL:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | MISC:https://mariadb.com/kb/en/mariadb-5535-changelog/ | URL:https://mariadb.com/kb/en/mariadb-5535-changelog/ | MISC:mysql-cve20140001-bo(90901) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90901";Assigned (20131203);"None (candidate not yet proposed)";"" 5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | 
URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20131212);"None (candidate not yet proposed)";"" 5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102069 | URL:http://osvdb.org/102069 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)";"" 
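Review bot: The re-added row `02.565.63;02;565;63;CVE-2014-0001` in this hunk does not name a MySQL or MariaDB release. Its version fields look derived from the Bazaar revision id `2502.565.64` in the reference URL rather than from the "before 5.5.35" bound in the description, so it is unlikely to match any real server version and should be dropped, leaving `5.5.34;5;5;34;CVE-2014-0001` as the only entry for this CVE. If the file is produced by a script (not visible here), the version extraction should read only the description field and reject components such as `565`. The new side also rewrites every typed reference label to `MISC:`, for example `SECTRACK:1029708` becomes `MISC:1029708`, so a consumer that selects vendor-confirmed references by label (`CONFIRM:`, `REDHAT:`) will no longer find them. The same relabelling appears in the CVE-2012-4414 rows of the preceding hunk.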
@@ -940,9 +940,9 @@ 0.37.12;0;37;12;CVE-2018-6617;Candidate;"Easy Hosting Control Panel (EHCP) v0.37.12.b; when using a local MySQL server; allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.";"MISC:http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt | MISC:http://packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html";Assigned (20180204);"None (candidate not yet proposed)";"" 18.3.4;18;3;4;CVE-2019-1010259;Candidate;"SaltStack Salt 2018.3; 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.";"MISC:https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a | MISC:https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534 | MISC:https://github.com/saltstack/salt/pull/51462";Assigned (20190320);"None (candidate not yet proposed)";"" 9.0.1;9;0;1;CVE-2019-11200;Candidate;"Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However; the application performs insufficient checks on the export parameters to mysqldump; which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)";"MISC:https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities";Assigned (20190411);"None (candidate not yet proposed)";"" -2.9.8;2;9;8;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | 
MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security 
vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | 
URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" -8.0.13;8;0;13;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | 
URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | 
URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | 
REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" -8.4.0;8;4;0;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. 
This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | 
MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | 
MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" +2.9.8;2;9;8;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 
2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | 
MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | 
MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | 
REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" +8.0.13;8;0;13;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | 
MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | 
URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 
| REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" +8.4.0;8;4;0;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. 
This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | 
MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | 
URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet 
proposed)";"" 5.6.44;5;6;44;CVE-2019-12301;Candidate;"The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.";"MISC:https://jira.percona.com/browse/PS-5640 | MISC:https://www.percona.com/blog/2019/05/17/percona-server-for-mysql-5-6-44-85-0-is-now-available/";Assigned (20190523);"None (candidate not yet proposed)";"" 5.4.0;5;4;0;CVE-2019-15635;Candidate;"An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g.; MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the ""Save and test"" button within a data source's settings menu. When watching the transaction with Burp Proxy; the password for the data source is revealed and sent to the server. From a browser; a prompt to save the credentials is generated; and the password can be revealed by simply checking the ""Show password"" box.";"CONFIRM:https://security.netapp.com/advisory/ntap-20191009-0002/ | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/167244";Assigned (20190826);"None (candidate not yet proposed)";"" 65.0.0;65;0;0;CVE-2019-16065;Candidate;"A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server; expose database tables and values; and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.";"MISC:https://www.mogozobo.com/?p=3647";Assigned (20190906);"None (candidate not yet proposed)";"" 
@@ -1441,15 +1441,66 @@ 8.0.23;8;0;23;CVE-2021-2301;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2304;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2305;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +15.1.2;15;1;2;CVE-2021-23053;Candidate;"On version 15.1.x before 15.1.3; 14.1.x before 14.1.3.1; and 13.1.x before 13.1.3.6; when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack; the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.";"MISC:https://support.f5.com/csp/article/K36942191 | URL:https://support.f5.com/csp/article/K36942191";Assigned (20210106);"None (candidate not yet proposed)";"" +14.1.2;14;1;2;CVE-2021-23053;Candidate;"On version 15.1.x before 15.1.3; 14.1.x before 14.1.3.1; and 13.1.x before 13.1.3.6; when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack; the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. 
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.";"MISC:https://support.f5.com/csp/article/K36942191 | URL:https://support.f5.com/csp/article/K36942191";Assigned (20210106);"None (candidate not yet proposed)";"" +13.1.2;13;1;2;CVE-2021-23053;Candidate;"On version 15.1.x before 15.1.3; 14.1.x before 14.1.3.1; and 13.1.x before 13.1.3.6; when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack; the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.";"MISC:https://support.f5.com/csp/article/K36942191 | URL:https://support.f5.com/csp/article/K36942191";Assigned (20210106);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2307;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2307;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2308;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2339;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2340;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2342;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2342;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2352;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2354;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2356;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). 
Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2356;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2357;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2367;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2370;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2372;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2372;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2374;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2383;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2384;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2385;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2385;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2387;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2389;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-880/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2389;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-880/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +5.7.34;5;7;34;CVE-2021-2390;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-881/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2390;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-881/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2399;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2402;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2410;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.21;8;0;21;CVE-2021-2412;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2417;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2418;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2422;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2424;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2425;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2426;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2427;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2429;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-889/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2437;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2440;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-2441;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.23;8;0;23;CVE-2021-2444;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-2478;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-2479;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-2481;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 0.20.2;0;20;2;CVE-2021-26919;Candidate;"Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. 
This issue was addressed in Apache Druid 0.20.2";"MISC:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | URL:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | MLIST:[druid-commits] 20210401 [GitHub] [druid] jihoonson merged pull request #11047: Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/re0910cf4c784897774427fecd95912fb565a6bd06d924a55e70bbbfc@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson merged pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r6bc68264170046448f823d12c17fd1fd875251d97d60869f58709872@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson opened a new pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864@%3Ccommits.druid.apache.org%3E | MLIST:[druid-dev] 20210331 Regarding the 0.21.0 release | URL:https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210401 Re: Subject: [CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems | URL:https://lists.apache.org/thread.html/re4c5deb0aae4bace69844d15c9fd1699e907ebfee93bc3926474d110@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Regarding the CVSS score for CVE-2021-26919 | 
URL:https://lists.apache.org/thread.html/ra85fa7d31f9bec1148ffd2e4030934927caa8bff89bca9f61f75e697@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210414 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/rf3ea2a4018e87e6c45d36cf8479af7727dcc276edabd2f7cf59e0c5f@%3Cdev.druid.apache.org%3E";Assigned (20210209);"None (candidate not yet proposed)";"" 0.21.0;0;21;0;CVE-2021-26919;Candidate;"Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2";"MISC:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | URL:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | MLIST:[druid-commits] 20210401 [GitHub] [druid] jihoonson merged pull request #11047: Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/re0910cf4c784897774427fecd95912fb565a6bd06d924a55e70bbbfc@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson merged pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r6bc68264170046448f823d12c17fd1fd875251d97d60869f58709872@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson opened a new pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | 
URL:https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864@%3Ccommits.druid.apache.org%3E | MLIST:[druid-dev] 20210331 Regarding the 0.21.0 release | URL:https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210401 Re: Subject: [CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems | URL:https://lists.apache.org/thread.html/re4c5deb0aae4bace69844d15c9fd1699e907ebfee93bc3926474d110@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/ra85fa7d31f9bec1148ffd2e4030934927caa8bff89bca9f61f75e697@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210414 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/rf3ea2a4018e87e6c45d36cf8479af7727dcc276edabd2f7cf59e0c5f@%3Cdev.druid.apache.org%3E";Assigned (20210209);"None (candidate not yet proposed)";"" 10.2.36;10;2;36;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. 
NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 10.3.27;10;3;27;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. 
NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 10.4.17;10;4;17;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. 
NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 10.5.8;10;5;8;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. 
NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" +3.9.6;3;9;6;CVE-2021-29004;Candidate;"rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig; an attacker may successfully upload a webshell to the server and access it remotely.";"MISC:http://rconfig.com | MISC:https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt | MISC:https://github.com/mrojz/rconfig-exploit/blob/main/README.md | MISC:https://rconfig.com";Assigned (20210322);"None (candidate not yet proposed)";"" +2.11.10;2;11;10;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. 
IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" +2.12.0;2;12;0;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. 
ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" +2.12.4;2;12;4;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. 
An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" +2.8.0;2;8;0;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. 
An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" +2.12.5;2;12;5;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. 
An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" 19.0.5;19;0;5;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 11.0.5;11;0;5;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 19.1.4;19;1;4;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 
@@ -1462,3 +1513,232 @@ 12.1.3;12;1;3;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 21.0.0;21;0;0;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 13.0.0;13;0;0;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-35537;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35546;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35575;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35577;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-35583;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35591;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35596;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35602;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +5.7.35;5;7;35;CVE-2021-35604;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35604;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35607;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35608;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35610;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35612;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35622;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.26 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35623;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +5.7.35;5;7;35;CVE-2021-35624;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data. 
CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35624;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35625;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35626;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35627;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35628;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.25;8;0;25;CVE-2021-35629;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35630;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35631;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35632;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35633;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35634;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35635;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35636;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35637;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35638;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35639;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35640;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35641;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35642;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35643;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35644;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35645;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35646;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35647;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2021-35648;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" +2.6.6;2;6;6;CVE-2021-36774;Candidate;"Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. 
This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.";"MISC:https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | URL:https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | MLIST:[oss-security] 20220106 CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE | URL:http://www.openwall.com/lists/oss-security/2022/01/06/5";Assigned (20210719);"None (candidate not yet proposed)";"" +3.1.2;3;1;2;CVE-2021-36774;Candidate;"Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.";"MISC:https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | URL:https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | MLIST:[oss-security] 20220106 CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE | URL:http://www.openwall.com/lists/oss-security/2022/01/06/5";Assigned (20210719);"None (candidate not yet proposed)";"" +21.0.2;21;0;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +13.0.2;13;0;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +19.0.6;19;0;6;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +11.0.6;11;0;6;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +19.1.5;19;1;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +11.1.5;11;1;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +19.2.2;19;2;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +11.2.2;11;2;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +20.0.5;20;0;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +12.0.5;12;0;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +20.1.4;20;1;4;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +12.1.4;12;1;4;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. 
Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" +2.10.0;2;10;0;CVE-2021-3779;Candidate;"A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later.";"MISC:https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/ | URL:https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/";Assigned (20210907);"None (candidate not yet proposed)";"" +21.0.3;21;0;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +13.0.3;13;0;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +19.0.7;19;0;7;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +11.0.7;11;0;7;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +19.1.6;19;1;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +11.1.6;11;1;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +19.2.3;19;2;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +11.2.3;11;2;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +20.0.6;20;0;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +12.0.6;12;0;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +20.1.5;20;1;5;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. 
The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +12.1.5;12;1;5;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" +1.12.0;1;12;0;CVE-2021-43008;Candidate;"Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.";"MISC:https://github.com/vrana/adminer/releases/tag/v4.6.3 | MISC:https://podalirius.net/en/cves/2021-43008/ | MISC:https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | MISC:https://www.adminer.org/ | MLIST:[debian-lts-announce] 20220513 [SECURITY] [DLA 3002-1] adminer security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html";Assigned (20211025);"None (candidate not yet proposed)";"" +4.6.2;4;6;2;CVE-2021-43008;Candidate;"Improper Access 
Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.";"MISC:https://github.com/vrana/adminer/releases/tag/v4.6.3 | MISC:https://podalirius.net/en/cves/2021-43008/ | MISC:https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | MISC:https://www.adminer.org/ | MLIST:[debian-lts-announce] 20220513 [SECURITY] [DLA 3002-1] adminer security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html";Assigned (20211025);"None (candidate not yet proposed)";"" +4.6.3;4;6;3;CVE-2021-43008;Candidate;"Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.";"MISC:https://github.com/vrana/adminer/releases/tag/v4.6.3 | MISC:https://podalirius.net/en/cves/2021-43008/ | MISC:https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | MISC:https://www.adminer.org/ | MLIST:[debian-lts-announce] 20220513 [SECURITY] [DLA 3002-1] adminer security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html";Assigned (20211025);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21245;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21245;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21249;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). 
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21253;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21254;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21256;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). 
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21264;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21265;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21270;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21270;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). 
Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2022-21278;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2022-21297;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21301;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21302;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21303;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). 
Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21303;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21304;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21304;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). 
Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21339;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21342;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21344;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21344;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21348;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21351;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.26;8;0;26;CVE-2022-21352;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21358;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21362;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21367;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21367;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21368;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21370;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21372;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21374;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21378;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21379;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21412;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21413;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21414;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21415;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.37;5;7;37;CVE-2022-21417;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21417;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21418;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21423;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21425;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.37;5;7;37;CVE-2022-21427;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21427;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21435;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21436;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21437;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21438;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21440;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.37;5;7;37;CVE-2022-21444;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21444;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.37;5;7;37;CVE-2022-21451;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21451;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21452;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.37;5;7;37;CVE-2022-21454;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21454;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21455;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21457;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21459;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.37;5;7;37;CVE-2022-21460;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21460;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21462;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21478;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21479;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21509;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.38;5;7;38;CVE-2022-21515;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21515;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). 
Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21517;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21522;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21525;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21526;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21527;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21528;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21529;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21530;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21531;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21534;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21537;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21538;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21539;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 5.0 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21547;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21553;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21556;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21569;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.39;5;7;39;CVE-2022-21589;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.16;8;0;16;CVE-2022-21589;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.39;5;7;39;CVE-2022-21592;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21592;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-21594;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.36;5;7;36;CVE-2022-21595;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21595;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-21599;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.27;8;0;27;CVE-2022-21600;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. 
CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-21604;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21605;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-21607;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.39;5;7;39;CVE-2022-21608;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-21608;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-21611;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +5.7.39;5;7;39;CVE-2022-21617;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-21617;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-21625;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-21632;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-21633;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21635;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-21637;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21638;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-21640;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2022-21641;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" +1.1.3;1;1;3;CVE-2022-21687;Candidate;"gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost; plus network access from host running gh-ost to the attack's malicious MySQL server. 
The `-database` parameter does not properly sanitize user input which can lead to arbitrary file reads.";"CONFIRM:https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29 | URL:https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29 | MISC:https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f | URL:https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f";Assigned (20211116);"None (candidate not yet proposed)";"" +10.6.5;10;6;5;CVE-2022-27376;Candidate;"MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg; which is exploited via specially crafted SQL statements.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220519-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-26354 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" +10.6.3;10;6;3;CVE-2022-27377;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(); which is exploited via specially crafted SQL statements.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-26281 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" +10.6.2;10;6;2;CVE-2022-27379;Candidate;"An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0005/ | MISC:https://jira.mariadb.org/browse/MDEV-26353 | 
MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" +10.6.3;10;6;3;CVE-2022-27380;Candidate;"An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-26280 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" +10.6.3;10;6;3;CVE-2022-27455;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28097";Assigned (20220321);"None (candidate not yet proposed)";"" +10.6.3;10;6;3;CVE-2022-27456;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28093 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" +10.6.3;10;6;3;CVE-2022-27457;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28098";Assigned (20220321);"None 
(candidate not yet proposed)";"" +10.6.3;10;6;3;CVE-2022-27458;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28099 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" +2.1.1;2;1;1;CVE-2022-31026;Candidate;"Trilogy is a client library for MySQL. When authenticating; a malicious server could return a specially crafted authentication packet; causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers.";"CONFIRM:https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm | URL:https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm | MISC:https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962 | URL:https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962";Assigned (20220518);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2022-34968;Candidate;"An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.";"MISC:https://jira.percona.com/browse/PS-8294";Assigned (20220704);"None (candidate not yet proposed)";"" +6.5.0;6;5;0;CVE-2022-35866;Candidate;"This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. 
The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.";"MISC:https://www.zerodayinitiative.com/advisories/ZDI-22-959/ | URL:https://www.zerodayinitiative.com/advisories/ZDI-22-959/";Assigned (20220714);"None (candidate not yet proposed)";"" +1.15.2;1;15;2;CVE-2022-39312;Candidate;"Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease; the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`; the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC url and connects to a malicious mysql server; the attacker can trigger the mysql jdbc deserialization vulnerability. Through the deserialization vulnerability; the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue.";"CONFIRM:https://github.com/dataease/dataease/security/advisories/GHSA-q4qq-jhjv-7rh2 | URL:https://github.com/dataease/dataease/security/advisories/GHSA-q4qq-jhjv-7rh2 | MISC:https://github.com/dataease/dataease/commit/956ee2d6c9e81349a60aef435efc046888e10a6d | URL:https://github.com/dataease/dataease/commit/956ee2d6c9e81349a60aef435efc046888e10a6d | MISC:https://github.com/dataease/dataease/pull/3328 | URL:https://github.com/dataease/dataease/pull/3328 | MISC:https://github.com/dataease/dataease/releases/tag/v1.15.2 | URL:https://github.com/dataease/dataease/releases/tag/v1.15.2";Assigned (20220902);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-39400;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-39408;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2022-39410;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" +1.3.0;1;3;0;CVE-2022-40955;Candidate;"In versions of Apache InLong prior to 1.3.0; an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database; could cause this data to be deserialized by Apache InLong; potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.";"MISC:[oss-security] 20220922 CVE-2022-40955: Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC | URL:http://www.openwall.com/lists/oss-security/2022/09/22/5 | MISC:https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1 | URL:https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1";Assigned (20220919);"None (candidate not yet proposed)";"" +1.3.0;1;3;0;CVE-2022-44644;Candidate;"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J; an authenticated attacker could read arbitrary local file by connecting a rogue mysql server; By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore; the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. 
We recommend users upgrade the version of Linkis to version 1.3";"MISC:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h | URL:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h";Assigned (20221103);"None (candidate not yet proposed)";"" +3.17.0;3;17;0;CVE-2022-45136;Candidate;"** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2.";"MISC:https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31 | URL:https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31 | MLIST:[oss-security] 20221114 CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB | URL:http://www.openwall.com/lists/oss-security/2022/11/14/5";Assigned (20221110);"None (candidate not yet proposed)";"" +10.3.33;10;3;33;CVE-2022-47015;Candidate;"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.";"CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0009/ | MISC:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954 | URL:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954";Assigned (20221212);"None (candidate not yet proposed)";"" +10.9.2;10;9;2;CVE-2022-47015;Candidate;"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. 
It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.";"CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0009/ | MISC:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954 | URL:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954";Assigned (20221212);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21836;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +5.7.40;5;7;40;CVE-2023-21840;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.40 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21863;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2023-21864;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2023-21865;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.28;8;0;28;CVE-2023-21866;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21867;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21868;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21869;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21870;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21871;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.29;8;0;29;CVE-2023-21872;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21873;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.30;8;0;30;CVE-2023-21874;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21875;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21876;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21877;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21878;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21879;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21880;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21881;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21882;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21883;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.31;8;0;31;CVE-2023-21887;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +7.0.0;7;0;0;CVE-2023-22974;Candidate;"A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.";"MISC:https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#7.0.0_Patch_.2811.2F30.2F22.29 | MISC:https://www.sonarsource.com/blog/openemr-remote-code-execution-in-your-healthcare-system/";Assigned (20230111);"None (candidate not yet proposed)";""