ALT-PU-2022-1100-2

BDU:2021-05485

HIGH7.5

Уязвимость Java-библиотеки Xstream для преобразования объектов в форматы XML или JSON, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-11-17

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2021-21348

BDU:2021-05499

CRITICAL9.8

Уязвимость Java-библиотеки Xstream для преобразования объектов в форматы XML или JSON, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю загружать и выполнять произвольный код с удаленного хоста

Published: 2021-11-17

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2021-21344

BDU:2021-05649

HIGH8.2

Уязвимость реализации команды «--ssl-reqd» программного средства для взаимодействия с серверами cURL, позволяющая нарушителю проводить атаки типа "человек посередине"

Published: 2021-11-25Modified: 2024-09-13

CVSS 3.xHIGH 8.2

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CVSS 2.0HIGH 8.5

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:P/A:N

References

CVE-2021-22946

BDU:2021-05940

CRITICAL9.1

Уязвимость Java-библиотеки Xstream для преобразования объектов в форматы XML или JSON, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю загружать и выполнять произвольный код с удаленного хоста

Published: 2021-12-09Modified: 2023-11-21

CVSS 3.xCRITICAL 9.1

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS 2.0CRITICAL 9.0

CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:C

References

CVE-2021-21351

BDU:2022-01473

LOW3.8

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xLOW 3.8

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:P

References

CVE-2022-21265

BDU:2022-01474

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

References

CVE-2022-21370

BDU:2022-01475

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

References

CVE-2022-21342

BDU:2022-01479

MEDIUM4.9

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

References

CVE-2022-21348

BDU:2022-01481

MEDIUM4.9

Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

References

CVE-2022-21256

BDU:2022-01484

MEDIUM4.9

Уязвимость компонента Server: Federated системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

References

CVE-2022-21270

BDU:2022-01485

MEDIUM5.5

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0HIGH 7.0

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:C

References

CVE-2022-21378

BDU:2022-01486

MEDIUM5.3

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:N/A:C

References

CVE-2022-21254

BDU:2022-01487

MEDIUM5.3

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:N/A:C

References

CVE-2022-21302

BDU:2022-01489

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

References

CVE-2022-21297

BDU:2022-01490

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

References

CVE-2022-21339

BDU:2022-01491

MEDIUM4.9

Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

References

CVE-2022-21374

BDU:2022-01492

MEDIUM4.9

Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

References

CVE-2022-21362

BDU:2022-01493

MEDIUM4.9

Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

References

CVE-2022-21379

BDU:2022-01565

MEDIUM6.5

Уязвимость компонента Cluster: General системы управления базами данных Oracle MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Published: 2022-03-28Modified: 2023-06-30

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P

References

BDU:2022-01568

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-03-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21380

BDU:2022-01569

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21334

BDU:2022-01570

MEDIUM5.5

Уязвимость компонента Server: Compiling системы управления базами данных MySQL Server, позволяющая нарушителю оказать воздействие на целостность и доступность защищаемой информации

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

References

CVE-2022-21367

BDU:2022-01572

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

References

BDU:2022-01573

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

References

BDU:2022-01574

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

References

BDU:2022-01575

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

References

BDU:2022-01576

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

References

BDU:2022-01577

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

References

BDU:2022-01582

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21330

BDU:2022-01583

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю повысить свои привилегии

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21329

BDU:2022-01584

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.0

CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21316

BDU:2022-01585

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21322

BDU:2022-01586

MEDIUM4.9

Уязвимость компонента Server: Parser системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2022-21304

BDU:2022-01587

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

References

BDU:2022-01588

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2022-21253

BDU:2022-01589

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

References

BDU:2022-01590

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

References

CVE-2022-21264

BDU:2022-01591

MEDIUM4.7

Уязвимость компонента Server: Components Services системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 4.7

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P

References

CVE-2022-21368

BDU:2022-01592

MEDIUM4.3

Уязвимость компонента Server: Security: Privileges системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

References

CVE-2022-21245

BDU:2022-01593

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

References

BDU:2022-01594

MEDIUM4.9

Уязвимость компонента Server: Stored Procedure системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2022-21303

BDU:2022-01595

MEDIUM4.9

Уязвимость компонента Server: Replication системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2022-21344

BDU:2022-01598

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.0

CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21318

BDU:2022-01599

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21332

BDU:2022-01600

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21315

BDU:2022-01601

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21356

BDU:2022-01604

LOW2.7

Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.7

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0LOW 3.3

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:P

References

CVE-2022-21372

BDU:2022-01605

MEDIUM5.9

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 5.9

CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

CVSS 2.0HIGH 7.9

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:C/A:C

References

CVE-2022-21352

BDU:2022-01606

MEDIUM5.5

Уязвимость компонента Server: DML системы управления базами данных MySQL Server, позволяющая нарушителю оказать воздействие на целостность данных или вызвать отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

References

CVE-2022-21301

BDU:2022-01607

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию и вызвать частичный отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

References

BDU:2022-01608

LOW2.7

Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.7

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0LOW 3.3

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:P

References

CVE-2022-21249

BDU:2022-01609

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21335

BDU:2022-01611

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21336

BDU:2022-01612

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21337

BDU:2022-01613

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию или вызвать частичный отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

References

BDU:2022-01614

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию или вызвать частичный отказ в обслуживании

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xLOW 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

References

BDU:2022-01616

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21320

BDU:2022-01618

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21328

BDU:2022-01619

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21327

BDU:2022-01620

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Published: 2022-03-30Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

CVE-2022-21326

BDU:2022-01929

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить полный контроль над приложением

Published: 2022-04-07Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

BDU:2022-01992

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

BDU:2022-01993

HIGH7.1

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании и оказать воздействие на целостность данных

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xHIGH 7.1

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

References

CVE-2022-21351

BDU:2022-01996

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.2

CVSS:2.0/AV:A/AC:H/Au:M/C:C/I:C/A:C

References

BDU:2022-01997

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

BDU:2022-02004

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.2

CVSS:2.0/AV:A/AC:H/Au:M/C:C/I:C/A:C

References

BDU:2022-02006

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.2

CVSS:2.0/AV:A/AC:H/Au:M/C:C/I:C/A:C

References

BDU:2022-02013

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

BDU:2022-02014

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

BDU:2022-02015

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.2

CVSS:2.0/AV:A/AC:H/Au:M/C:C/I:C/A:C

References

BDU:2022-02016

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

BDU:2022-02018

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

BDU:2022-02019

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

BDU:2022-02026

MEDIUM6.5

Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2022-21358

BDU:2022-02027

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

BDU:2022-02028

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

References

BDU:2022-02029

HIGH7.1

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании и оказать воздействие на целостность данных

Published: 2022-04-08Modified: 2023-06-30

CVSS 3.xHIGH 7.1

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

References

CVE-2022-21278

BDU:2022-06420

MEDIUM4.4

Уязвимость компонента C API системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-10-24Modified: 2024-01-12

CVSS 3.xMEDIUM 4.4

CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:N/A:C

References

CVE-2022-21595

BDU:2022-06429

HIGH7.2

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю выполнить произвольный код

Published: 2022-10-24Modified: 2024-01-12

CVSS 3.xHIGH 7.2

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 9.0

CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:C

References

CVE-2022-21600

BDU:2023-04224

MEDIUM4.9

Уязвимость компонента Server: Replication системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-07-28Modified: 2024-01-12

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.1

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:C

References

CVE-2023-21950

CVE-2021-21344

CRITICAL9.8

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Published: 2021-03-23Modified: 2025-05-23

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2021-21348

HIGH7.5

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Published: 2021-03-23Modified: 2025-05-23

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2021-21351

CRITICAL9.1

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Published: 2021-03-23Modified: 2025-05-23

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References

CVE-2021-22946

HIGH7.5

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations withoutTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Published: 2021-09-29Modified: 2026-04-16

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

CVE-2022-21245

MEDIUM4.3

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

CVE-2022-21249

LOW2.7

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xLOW 2.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

References

CVE-2022-21253

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21254

MEDIUM5.3

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21256

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21264

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21265

LOW3.8

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xLOW 3.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

References

CVE-2022-21270

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21278

HIGH7.1

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

References

CVE-2022-21279

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21280

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21284

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21285

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21286

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21287

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21288

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21289

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21290

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21297

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21301

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References

CVE-2022-21302

MEDIUM5.3

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21303

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21304

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21307

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21308

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21309

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21310

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21311

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21312

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21313

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21314

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21315

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21316

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:N/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21317

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21318

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:N/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21319

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21320

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21321

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21322

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21323

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21324

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21325

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21326

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21327

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21328

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21329

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21330

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21331

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21332

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21333

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21334

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21335

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21336

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21337

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21339

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21342

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21344

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21348

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21351

HIGH7.1

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

References

CVE-2022-21352

MEDIUM5.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS 3.xMEDIUM 5.9

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

References

CVE-2022-21355

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21356

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21357

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xLOW 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

References

CVE-2022-21358

MEDIUM6.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21362

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21367

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References

CVE-2022-21368

MEDIUM4.7

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 4.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

References

CVE-2022-21370

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21372

LOW2.7

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xLOW 2.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

References

CVE-2022-21374

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21378

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References

CVE-2022-21379

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21380

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Published: 2022-01-19Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

References

CVE-2022-21595

MEDIUM4.4

Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2022-10-18Modified: 2024-11-21

CVSS 3.xMEDIUM 4.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-21600

HIGH7.2

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Published: 2022-10-18Modified: 2024-11-21

CVSS 3.xHIGH 7.2

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

CVE-2023-21950

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2023-07-18Modified: 2024-11-21

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

GHSA-56p8-3fh9-4cvq

MEDIUM5.3

XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)

Published: 2021-03-23Modified: 2022-02-09

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

References

GHSA-59jw-jqf4-3wq3

MEDIUM5.3

XStream is vulnerable to an Arbitrary Code Execution attack

Published: 2021-03-23Modified: 2022-02-09

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

References

GHSA-hrcp-8f3q-4w2c

MEDIUM5.4

XStream is vulnerable to an Arbitrary Code Execution attack

Published: 2021-03-23Modified: 2022-02-09

CVSS 3.xMEDIUM 5.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N

References

Package update MySQL in branch sisyphus

Closed issues (163)

Уязвимость реализации команды «--ssl-reqd» программного средства для взаимодействия с серверами cURL, позволяющая нарушителю проводить атаки типа "человек посередине"

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Federated системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю повысить свои привилегии

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Server: Parser системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Stored Procedure системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Replication системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю вызвать частичный отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать частичный отказ в обслуживании

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить полный контроль над приложением

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента C API системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Server: Replication системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании