CRITICAL9.8
Уязвимость компонента inflate.c библиотеки zlib, позволяющая нарушителю выполнить произвольный код
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
Severity:
Closed issues (59)
MEDIUM6.3
Уязвимость функции BIO_new_NDEF() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 6.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LCVSS 2.0MEDIUM 6.5
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:PReferences
HIGH7.5
Уязвимость механизма HSTS (HTTP Strict Transport Security) утилиты командной строки cURL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:NReferences
MEDIUM4.4
Уязвимость компонента Server: Components Services системы управления базами данных MySQL Server, связанная с недостаточной проверкой входных данных
CVSS 3.xMEDIUM 4.4
CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:N/AC:H/Au:M/C:N/I:N/A:CReferences
MEDIUM4.4
Уязвимость компонента Server: Components Services системы управления базами данных MySQL Server, связанная с недостаточной проверкой входных данных
CVSS 3.xMEDIUM 4.4
CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:N/AC:H/Au:M/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: Partition системы управления базами данных MySQL Server, связанная с недостаточной проверкой входных данных
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: Partition системы управления базами данных MySQL Server, связанная с недостаточной проверкой входных данных
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, связанная с недостаточной проверкой входных данных
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, связанная с недостаточной проверкой входных данных
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, связанная с недостаточной проверкой входных данных
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
LOW2.7
Уязвимость компонента Server: Connection Handling системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xLOW 2.7
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LCVSS 2.0LOW 3.3
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:PReferences
MEDIUM6.5
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать зависание или вызвать отказ в обслуживании
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
HIGH7.5
Уязвимость компонента Server: Security: Privileges системы управления базами данных MySQL Server, позволяющая нарушителю вызвать зависание или отказ в обслуживании
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю получить привилегированный доступ или вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
MEDIUM5.5
Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:HCVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:P/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: Components Services системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: JSON системы управления базами данных MySQL Server , позволяющая нарушителю получить привилегированный доступ или вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: DML системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
HIGH7.1
Уязвимость компонента Client programs системы управления базами данных MySQL Server, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 7.1
CVSS:3.x/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HCVSS 2.0HIGH 7.1
CVSS:2.0/AV:N/AC:H/Au:S/C:C/I:C/A:CReferences
MEDIUM4.9
Уязвимость компонента Server: Replication системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
MEDIUM5.9
Уязвимость компонента Client programs системы управления базами данных MySQL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
CVSS 3.xMEDIUM 5.9
CVSS:3.x/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:HCVSS 2.0MEDIUM 5.6
CVSS:2.0/AV:N/AC:H/Au:S/C:P/I:N/A:CReferences
MEDIUM4.9
Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xMEDIUM 4.9
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HCVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:CReferences
CRITICAL9.8
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://seclists.org/fulldisclosure/2022/Oct/37
- http://seclists.org/fulldisclosure/2022/Oct/38
- http://seclists.org/fulldisclosure/2022/Oct/41
- http://seclists.org/fulldisclosure/2022/Oct/42
- http://www.openwall.com/lists/oss-security/2022/08/05/2
- http://www.openwall.com/lists/oss-security/2022/08/09/1
- https://github.com/curl/curl/issues/9271
- https://github.com/ivd38/zlib_overflow
- https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063
- https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
- https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
- https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764
- https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/
- https://security.netapp.com/advisory/ntap-20220901-0005/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://support.apple.com/kb/HT213488
- https://support.apple.com/kb/HT213489
- https://support.apple.com/kb/HT213490
- https://support.apple.com/kb/HT213491
- https://support.apple.com/kb/HT213493
- https://support.apple.com/kb/HT213494
- https://www.debian.org/security/2022/dsa-5218
- http://seclists.org/fulldisclosure/2022/Oct/37
- http://seclists.org/fulldisclosure/2022/Oct/38
- http://seclists.org/fulldisclosure/2022/Oct/41
- http://seclists.org/fulldisclosure/2022/Oct/42
- http://www.openwall.com/lists/oss-security/2022/08/05/2
- http://www.openwall.com/lists/oss-security/2022/08/09/1
- https://github.com/curl/curl/issues/9271
- https://github.com/ivd38/zlib_overflow
- https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063
- https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
- https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764
- https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/
- https://security.netapp.com/advisory/ntap-20220901-0005/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://support.apple.com/kb/HT213488
- https://support.apple.com/kb/HT213489
- https://support.apple.com/kb/HT213490
- https://support.apple.com/kb/HT213491
- https://support.apple.com/kb/HT213493
- https://support.apple.com/kb/HT213494
- https://www.debian.org/security/2022/dsa-5218
- https://github.com/curl/curl/issues/9271
HIGH7.5
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
- https://hackerone.com/reports/1755083
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/
- https://security.gentoo.org/glsa/202310-12
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://hackerone.com/reports/1755083
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/
- https://security.gentoo.org/glsa/202310-12
- https://security.netapp.com/advisory/ntap-20230427-0007/
HIGH7.5
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344
- https://security.gentoo.org/glsa/202402-08
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://security.netapp.com/advisory/ntap-20230427-0009/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.openssl.org/news/secadv/20230207.txt
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
- https://security.gentoo.org/glsa/202402-08
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://security.netapp.com/advisory/ntap-20230427-0009/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.openssl.org/news/secadv/20230207.txt
MEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
HIGH7.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HMEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HMEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HMEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
MEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
MEDIUM5.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
MEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
MEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
MEDIUM4.4
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.4
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
MEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
MEDIUM6.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
MEDIUM4.4
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.4
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
MEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
MEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
MEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.oracle.com/security-alerts/cpuapr2023.html
LOW2.7
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
CVSS 3.xLOW 2.7
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LMEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HMEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HMEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HMEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HHIGH7.1
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).
CVSS 3.xHIGH 7.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HMEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HMEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HMEDIUM5.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:HReferences
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230725-0005/
- https://www.oracle.com/security-alerts/cpujul2023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
- https://security.netapp.com/advisory/ntap-20230725-0005/
- https://www.oracle.com/security-alerts/cpujul2023.html
MEDIUM4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HHIGH7.5
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
- https://nvd.nist.gov/vuln/detail/CVE-2023-0215
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
- https://rustsec.org/advisories/RUSTSEC-2023-0009.html
- https://security.gentoo.org/glsa/202402-08
- https://security.netapp.com/advisory/ntap-20230427-0007
- https://security.netapp.com/advisory/ntap-20230427-0009
- https://security.netapp.com/advisory/ntap-20240621-0006
- https://www.openssl.org/news/secadv/20230207.txt