ALT-BU-2023-7756-2

Branch c9f2 update bulletin.

Package apache2-mod_wsgi updated to version 4.9.4-alt1 for branch c9f2 in task 335046.

Уязвимость модуля mod_wsgi веб-сервера Apache, связанная с ошибками при обработке заголовока X-Client-IP, позволяющая нарушителю получить несанкционированный доступ к сетевым службам

Severity: MEDIUM (5.6)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: MEDIUM (5.1)Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

References:

CVE-2022-2255

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Package MySQL updated to version 8.0.35-alt1.0.c9.1 for branch c9f2 in task 335317.

Уязвимость режима AES OCB библиотеки OpenSSL, позволяющая нарушителю раскрыть защищаемую информацию

Severity: LOW (3.7)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: LOW (2.6)Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

References:

CVE-2022-2097

Уязвимость пакета cryptography интерпретатора языка программирования Python, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.1)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2020-36242

Уязвимость компонента inflate.c библиотеки zlib, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2022-37434

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21637

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21638

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21640

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21641

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21608

Уязвимость компонента C API системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.4)Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.9)Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C

References:

CVE-2022-21595

Уязвимость компонента Server: Stored Procedure системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21599

Severity: MEDIUM (4.1)Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21611

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на чтение, изменение, добавление или удаление данных

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Severity: HIGH (8.5)Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

References:

CVE-2022-21635

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-39400

Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: MEDIUM (4.0)Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

References:

CVE-2022-21592

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21594

Уязвимость компонента Server: Connection Handling системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21617

Уязвимость компонента Server: Security: Privileges системы управления базами данных MySQL Server, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: MEDIUM (4.0)Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

References:

CVE-2022-21589

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.2)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (9.0)Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

References:

CVE-2022-21600

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21604

Уязвимость компонента Server: Data Dictionary системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21605

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21607

Severity: MEDIUM (4.4)Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.9)Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C

References:

CVE-2022-21625

Уязвимость компонента Server: Security: Privileges системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21632

Уязвимость компонента Server: Replication системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-21633

Уязвимость компонента Shell: Core Client клиента командной строки и редактора кода Oracle MySQL Shell, позволяющая нарушителю получить доступ на чтение, изменение, добавление или удаление данных

Severity: LOW (3.9)Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Severity: LOW (3.2)Vector: AV:L/AC:L/Au:S/C:P/I:P/A:N

References:

CVE-2022-39403

Severity: LOW (3.9)Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Severity: LOW (3.2)Vector: AV:L/AC:L/Au:S/C:P/I:P/A:N

References:

CVE-2022-39402

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-39410

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2022-39408

Уязвимость утилиты командной строки cURL, связанная с логической ошибкой повторно используемого дескриптора при обработке последующих HTTP-запросов PUT и POST, позволяющая нарушителю вызвать отказ в обслуживании или оказать иное воздействие на систему

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2022-32221

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю получить несанкционированный доступ на чтение, изменение или удаление данных или вызвать отказ в обслуживании

Severity: MEDIUM (5.5)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C

References:

CVE-2023-21872

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю получить несанкционированный доступ на чтение, изменение или удаление данных или вызвать отказ в обслуживании

Severity: MEDIUM (5.5)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C

References:

CVE-2023-21877

Уязвимость компонента Server: GIS системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21887

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21873

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21868

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21870

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21864

Severity: MEDIUM (5.5)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C

References:

CVE-2023-21869

Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю получить несанкционированный доступ на чтение, изменение или удаление данных или вызвать отказ в обслуживании

Severity: MEDIUM (5.9)Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Severity: MEDIUM (6.6)Vector: AV:N/AC:H/Au:S/C:N/I:C/A:C

References:

CVE-2023-21875

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21878

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21876

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21879

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21866

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21865

Severity: LOW (2.7)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Severity: MEDIUM (4.0)Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

References:

CVE-2023-21882

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21871

Уязвимость компонента Server: Thread Pooling системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (2.7)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Severity: MEDIUM (4.0)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

CVE-2023-21874

Severity: MEDIUM (5.5)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C

References:

CVE-2023-21880

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21883

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21863

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21867

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21881

Уязвимость функции BIO_new_NDEF() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

CVE-2023-0215

Уязвимость механизма HSTS (HTTP Strict Transport Security) утилиты командной строки cURL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2022-43551

Уязвимость компонента Server: Components Services системы управления базами данных MySQL Server, связанная с недостаточной проверкой входных данных

Severity: MEDIUM (4.4)Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.6)Vector: AV:N/AC:H/Au:M/C:N/I:N/A:C

References:

CVE-2023-21947

Severity: MEDIUM (4.4)Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.6)Vector: AV:N/AC:H/Au:M/C:N/I:N/A:C

References:

CVE-2023-21940

Уязвимость компонента Server: Partition системы управления базами данных MySQL Server, связанная с недостаточной проверкой входных данных

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21953

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21955

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, связанная с недостаточной проверкой входных данных

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21976

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21977

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21982

Severity: LOW (2.7)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Severity: LOW (3.3)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:P

References:

CVE-2023-21963

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать зависание или вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21946

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2023-21920

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21911

Уязвимость компонента Server: Security: Privileges системы управления базами данных MySQL Server, позволяющая нарушителю вызвать зависание или отказ в обслуживании

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2023-21912

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21913

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-21917

Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21919

Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю получить привилегированный доступ или вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21933

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21935

Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных

Severity: MEDIUM (5.5)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:M/C:N/I:P/A:C

References:

CVE-2023-21929

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2023-21945

Уязвимость компонента Server: Components Services системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21962

Уязвимость компонента Server: JSON системы управления базами данных MySQL Server , позволяющая нарушителю получить привилегированный доступ или вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21966

Уязвимость компонента Server: DML системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21972

Уязвимость компонента Client programs системы управления базами данных MySQL Server, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.1)Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (7.1)Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

References:

CVE-2023-21980

Уязвимость библиотеки OpenSSL, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2023-2650

Уязвимость компонента Server:Pluggable Auth системы управления базами данных Oracle MySQL Serve, позволяющая нарушителю получить несанкционированный доступ к конфиденциальной информации

Severity: LOW (3.1)Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: LOW (2.1)Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N

References:

CVE-2023-22048

Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22008

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22054

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.4)Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.6)Vector: AV:N/AC:H/Au:M/C:N/I:N/A:C

References:

CVE-2023-22033

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22046

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22056

Уязвимость компонента Server: Replication системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21950

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22057

Уязвимость компонента Server: Security: Privileges системы управления базами данных MySQL, позволяющая нарушителю оказать воздействие на целостность данных

Severity: LOW (2.7)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Severity: LOW (3.3)Vector: AV:N/AC:L/Au:M/C:N/I:P/A:N

References:

CVE-2023-22038

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22007

Severity: MEDIUM (4.4)Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.6)Vector: AV:N/AC:H/Au:M/C:N/I:N/A:C

References:

CVE-2023-22005

Уязвимость компонента Client programs системы управления базами данных MySQL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: MEDIUM (5.9)Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

Severity: MEDIUM (5.6)Vector: AV:N/AC:H/Au:S/C:P/I:N/A:C

References:

CVE-2023-22053

Уязвимость компонента Server: DDL системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.4)Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.6)Vector: AV:N/AC:H/Au:M/C:N/I:N/A:C

References:

CVE-2023-22058

Уязвимость реализации протокола SOCKS5 утилиты командной строки cURL, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (7.5)Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (7.6)Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

References:

CVE-2023-38545

Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании»

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22015

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22026

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22028

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22032

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22059

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22064

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22065

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22066

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22068

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22070

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22104

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.3)Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C

References:

CVE-2023-22092

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-22095

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.3)Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C

References:

CVE-2023-22097

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-22079

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-22084

Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22112

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8)Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2023-22078

Уязвимость компонента Server: UDF системы управления базами данных Oracle MySQL Server, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22111

Уязвимость компонента Server: DML системы управления базами данных MySQL Server, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22115

Уязвимость компонента Server: Security: Encryption системы управления базами данных Oracle MySQL Server, связанная с некорректным контролем доступа, позволяющая нарушителю получить доступ к защищаемой информации

Severity: LOW (2.7)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Severity: LOW (3.3)Vector: AV:N/AC:L/Au:M/C:P/I:N/A:N

References:

CVE-2023-22113

Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22103

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22110

Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-22114

Уязвимость компонента Server: PS системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2023-21840

Уязвимость компонента Server: Options системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.4)Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.6)Vector: AV:N/AC:H/Au:M/C:N/I:N/A:C

References:

CVE-2024-20968

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2024-20983

Уязвимость компонента Server: DML системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2024-21056

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2024-21053

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2024-21052

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2024-21051

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2024-21049

Severity: MEDIUM (4.9)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.1)Vector: AV:N/AC:L/Au:M/C:N/I:N/A:C

References:

CVE-2024-21050

Severity: MEDIUM (5.5)Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C

References:

CVE-2024-21015

Уязвимость инструмента командной строки библиотеки для сжатия данных Zstandard, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2022-4899

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Severity: CRITICAL (9.1)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: MEDIUM (5.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.4)Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Severity: HIGH (7.2)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.1)Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.4)Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Shell accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

References:

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Shell accessible data as well as unauthorized read access to a subset of MySQL Shell accessible data. CVSS 3.1 Base Score 3.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N).

Severity: LOW (3.9)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.40 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Severity: LOW (2.7)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).

Severity: MEDIUM (5.9)Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

Severity: LOW (2.7)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.4)Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.4)Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Severity: LOW (2.7)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).

Severity: HIGH (7.1)Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.4)Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.4)Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

Severity: LOW (2.7)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).

Severity: LOW (3.1)Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).

Severity: MEDIUM (5.9)Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.4)Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supported version that is affected is 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Severity: LOW (2.7)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.4)Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

Severity: MEDIUM (4.9)Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References:

AES OCB fails to encrypt some bytes

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

zstd vulnerable to buffer overrun

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

PyCA Cryptography symmetrically encrypting large values can lead to integer overflow

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: HIGH (8.8)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

References:

На версию MySQL 8.0.30-alt2 накопилось 139 незакрытых CVE

Version: 2.1.2

ALT-BU-2023-7756-2

Closed vulnerabilities

Closed vulnerabilities