ALT Linux Team

Branch sisyphus_riscv64 update on 2022-02-09

2022-02-09

ALT-BU-2022-3961-1

Branch sisyphus_riscv64 update bulletin.

ALT-PU-2022-3959-1

Package python3-module-numpy updated to version 1.22.1-alt2 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2021-05-12

BDU:2022-06724

Уязвимость функции _convert_from_str() компонента numpy.core модуля NumPy для Python, позволяющая нарушителю инициировать копирование данных

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2021-12-17
Modified: 2024-11-21

CVE-2021-34141

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:

ALT-PU-2022-3960-1

Package MySQL updated to version 8.0.28-alt0.1.rv64 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2021-03-12

BDU:2021-05485

Уязвимость Java-библиотеки Xstream для преобразования объектов в форматы XML или JSON, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-03-12

BDU:2021-05499

Уязвимость Java-библиотеки Xstream для преобразования объектов в форматы XML или JSON, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю загружать и выполнять произвольный код с удаленного хоста

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-09-15

BDU:2021-05649

Уязвимость реализации команды «--ssl-reqd» программного средства для взаимодействия с серверами cURL, позволяющая нарушителю проводить атаки типа "человек посередине"

Severity: HIGH (8.2) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
References:
Published: 2021-03-12

BDU:2021-05940

Уязвимость Java-библиотеки Xstream для преобразования объектов в форматы XML или JSON, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю загружать и выполнять произвольный код с удаленного хоста

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-01473

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.8) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
References:
Published: 2021-11-15

BDU:2022-01474

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-11-15

BDU:2022-01475

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-11-15

BDU:2022-01479

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-11-15

BDU:2022-01481

Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-01-18

BDU:2022-01484

Уязвимость компонента Server: Federated системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-11-15

BDU:2022-01485

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных

Severity: MEDIUM (5.5) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
References:
Published: 2022-01-18

BDU:2022-01486

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных

Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-01-18

BDU:2022-01487

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-11-15

BDU:2022-01489

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-11-15

BDU:2022-01490

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-11-15

BDU:2022-01491

Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-11-15

BDU:2022-01492

Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-11-15

BDU:2022-01493

Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-07-23

BDU:2022-01565

Уязвимость компонента Cluster: General системы управления базами данных Oracle MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
References:
Published: 2022-01-19

BDU:2022-01568

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01569

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01570

Уязвимость компонента Server: Compiling системы управления базами данных MySQL Server, позволяющая нарушителю оказать воздействие на целостность и доступность защищаемой информации

Severity: MEDIUM (5.5) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
References:
Published: 2021-07-23

BDU:2022-01572

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
References:
Published: 2021-07-23

BDU:2022-01573

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
References:
Published: 2021-07-23

BDU:2022-01574

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
References:
Published: 2021-07-23

BDU:2022-01575

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
References:
Published: 2021-07-23

BDU:2022-01576

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
References:
Published: 2021-07-23

BDU:2022-01577

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
References:
Published: 2022-01-19

BDU:2022-01582

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01583

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю повысить свои привилегии

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01584

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01585

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-01586

Уязвимость компонента Server: Parser системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-07-23

BDU:2022-01587

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
References:
Published: 2021-11-15

BDU:2022-01588

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-07-23

BDU:2022-01589

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
References:
Published: 2022-01-18

BDU:2022-01590

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-11-15

BDU:2022-01591

Уязвимость компонента Server: Components Services системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных

Severity: MEDIUM (4.7) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2021-11-15

BDU:2022-01592

Уязвимость компонента Server: Security: Privileges системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
References:
Published: 2021-07-23

BDU:2022-01593

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
References:
Published: 2021-11-15

BDU:2022-01594

Уязвимость компонента Server: Stored Procedure системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-11-15

BDU:2022-01595

Уязвимость компонента Server: Replication системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-01-19

BDU:2022-01598

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01599

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01600

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01601

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-01604

Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю вызвать частичный отказ в обслуживании

Severity: LOW (2.7) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2022-01-19

BDU:2022-01605

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01606

Уязвимость компонента Server: DML системы управления базами данных MySQL Server, позволяющая нарушителю оказать воздействие на целостность данных или вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
References:
Published: 2021-09-01

BDU:2022-01607

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию и вызвать частичный отказ в обслуживании

Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
References:
Published: 2022-01-18

BDU:2022-01608

Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать частичный отказ в обслуживании

Severity: LOW (2.7) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2022-01-19

BDU:2022-01609

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01611

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01612

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-09-01

BDU:2022-01613

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию или вызвать частичный отказ в обслуживании

Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
References:
Published: 2021-07-23

BDU:2022-01614

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию или вызвать частичный отказ в обслуживании

Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
References:
Published: 2022-01-19

BDU:2022-01616

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01618

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01619

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-19

BDU:2022-01620

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-07-23

BDU:2022-01929

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить полный контроль над приложением

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-01992

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-01993

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании и оказать воздействие на целостность данных

Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
References:
Published: 2021-11-15

BDU:2022-01996

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-07-23

BDU:2022-01997

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-02004

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-06-09

BDU:2022-02006

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-02013

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-02014

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-02015

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-02016

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-02018

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-02019

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-01-18

BDU:2022-02026

Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-11-15

BDU:2022-02027

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-02028

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-15

BDU:2022-02029

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании и оказать воздействие на целостность данных

Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
References:
Published: 2022-10-18

BDU:2022-06420

Уязвимость компонента C API системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.4) Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-10-18

BDU:2022-06429

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.2) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-03-23
Modified: 2024-11-21

CVE-2021-21344

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-03-23
Modified: 2024-11-21

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-03-23
Modified: 2024-11-21

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References:
Published: 2021-09-29
Modified: 2024-11-21

CVE-2021-22946

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21245

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21249

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21253

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (6.8)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21254

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (6.3)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21256

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (6.8)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21264

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21265

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).

Severity: MEDIUM (5.5)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21270

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21278

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

Severity: MEDIUM (5.5)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21279

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21280

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21284

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21285

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21286

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21287

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21288

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21289

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21290

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21297

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21301

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Severity: MEDIUM (5.5)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21302

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity: LOW (3.5)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21303

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21304

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21307

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21308

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21309

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21310

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21311

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21312

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21313

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21314

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21315

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21316

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.6)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21317

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21318

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.6)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21319

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21320

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21321

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21322

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21323

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21324

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21325

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21326

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21327

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21328

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21329

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21330

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21331

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21332

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21333

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21334

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21335

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21336

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21337

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21339

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21342

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21344

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21348

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21351

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

Severity: MEDIUM (5.5)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21352

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).

Severity: MEDIUM (4.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21355

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21356

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21357

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Severity: LOW (2.9)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21358

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21362

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21367

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Severity: MEDIUM (5.5)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21368

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).

Severity: MEDIUM (6.5)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21370

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21372

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21374

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21378

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Severity: MEDIUM (5.5)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21379

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-01-19
Modified: 2024-11-21

CVE-2022-21380

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Severity: MEDIUM (4.0)
References:
Published: 2022-10-19
Modified: 2024-11-21

CVE-2022-21595

Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

References:
Published: 2022-10-19
Modified: 2024-11-21

CVE-2022-21600

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top