ALT-PU-2022-5561-1

BDU:2021-03997

HIGH7.5

Уязвимость компонента Key Distribution Center (KDC) сетевого протокола аутентификации Kerberos, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2021-08-10Изменено: 2025-08-19

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0ВЫСОКАЯ 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

Ссылки

CVE-2021-36222

BDU:2021-04570

CRITICAL9.8

Уязвимость реализации криптографического алгоритма SM2 библиотеки OpenSSL, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2021-09-20Изменено: 2025-10-20

CVSS 3.xКРИТИЧЕСКАЯ 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0КРИТИЧЕСКАЯ 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

Ссылки

BDU:2021-04571

HIGH7.4

Уязвимость функции X509_aux_print() библиотеки OpenSSL, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Опубликовано: 2021-09-20Изменено: 2025-10-20

CVSS 3.xВЫСОКАЯ 7.4

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS 2.0ВЫСОКАЯ 7.1

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:N/A:C

Ссылки

BDU:2021-05113

HIGH7.5

Уязвимость компонента Server: Windows системы управления базами данных MySQL Server, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2021-10-22

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0ВЫСОКАЯ 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

Ссылки

CVE-2021-35583

BDU:2021-05280

LOW3.7

Уязвимость функции сопоставления конфигураций программного средства для взаимодействия с серверами CURL, связанная с использованием имени с неправильной ссылкой, позволяющая нарушителю получить доступ к конфиденциальным данным

Опубликовано: 2021-11-02Изменено: 2024-04-03

CVSS 3.xНИЗКАЯ 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

Ссылки

CVE-2021-22924

BDU:2021-05346

HIGH8.2

Уязвимость реализации протокола STARTTLS программного средства для взаимодействия с серверами cURL, позволяющая нарушителю проводить атаки типа «человек посередине»

Опубликовано: 2021-11-10Изменено: 2024-09-13

CVSS 3.xВЫСОКАЯ 8.2

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CVSS 2.0ВЫСОКАЯ 8.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:C/A:N

Ссылки

CVE-2021-22947

BDU:2021-05415

MEDIUM4.4

Уязвимость компонента Server: Data Dictionary системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2021-11-12

CVSS 3.xСРЕДНЯЯ 4.4

CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 4.6

CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2021-35632

BDU:2021-05485

HIGH7.5

Уязвимость Java-библиотеки Xstream для преобразования объектов в форматы XML или JSON, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2021-11-17

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0ВЫСОКАЯ 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

Ссылки

CVE-2021-21348

BDU:2021-05499

CRITICAL9.8

Уязвимость Java-библиотеки Xstream для преобразования объектов в форматы XML или JSON, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю загружать и выполнять произвольный код с удаленного хоста

Опубликовано: 2021-11-17

CVSS 3.xКРИТИЧЕСКАЯ 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0КРИТИЧЕСКАЯ 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

Ссылки

CVE-2021-21344

BDU:2021-05649

HIGH8.2

Уязвимость реализации команды «--ssl-reqd» программного средства для взаимодействия с серверами cURL, позволяющая нарушителю проводить атаки типа "человек посередине"

Опубликовано: 2021-11-25Изменено: 2024-09-13

CVSS 3.xВЫСОКАЯ 8.2

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CVSS 2.0ВЫСОКАЯ 8.5

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:P/A:N

Ссылки

CVE-2021-22946

BDU:2021-05940

CRITICAL9.1

Уязвимость Java-библиотеки Xstream для преобразования объектов в форматы XML или JSON, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю загружать и выполнять произвольный код с удаленного хоста

Опубликовано: 2021-12-09Изменено: 2023-11-21

CVSS 3.xКРИТИЧЕСКАЯ 9.1

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS 2.0КРИТИЧЕСКАЯ 9.0

CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:C

Ссылки

CVE-2021-21351

BDU:2021-06010

LOW3.7

Уязвимость утилиты cURL, связанная с повторным освобождением памяти, позволяющая нарушителю выполнить отказ в обслуживании

Опубликовано: 2021-12-13Изменено: 2024-09-13

CVSS 3.xНИЗКАЯ 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0НИЗКАЯ 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

Ссылки

CVE-2021-22945

BDU:2022-00343

MEDIUM5.3

Уязвимость служебной программы командной строки cURL, связанная с использованием неинициализированного ресурса, позволяющая нарушителю получить доступ к конфиденциальным данным

Опубликовано: 2022-01-20Изменено: 2023-10-20

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

Ссылки

CVE-2021-22925

BDU:2022-00758

HIGH7.4

Уязвимость реализации способа указания всех доменных имен и IP-адресов Subject Alternative Names программной платформы Node.js, позволяющая нарушителю проводить спуфинг-атаки

Опубликовано: 2022-02-16

CVSS 3.xВЫСОКАЯ 7.4

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS 2.0ВЫСОКАЯ 7.1

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:N

Ссылки

CVE-2021-44531

BDU:2022-01315

HIGH7.5

Уязвимость функции BN_mod_sqrt() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-16Изменено: 2025-11-19

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0ВЫСОКАЯ 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

Ссылки

CVE-2022-0778

BDU:2022-01473

LOW3.8

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 3.8

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CVSS 2.0СРЕДНЯЯ 4.9

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:P

Ссылки

CVE-2022-21265

BDU:2022-01474

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21370

BDU:2022-01475

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21342

BDU:2022-01479

MEDIUM4.9

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21348

BDU:2022-01481

MEDIUM4.9

Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21256

BDU:2022-01484

MEDIUM4.9

Уязвимость компонента Server: Federated системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21270

BDU:2022-01485

MEDIUM5.5

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0ВЫСОКАЯ 7.0

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:C

Ссылки

CVE-2022-21378

BDU:2022-01486

MEDIUM5.3

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 4.9

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21254

BDU:2022-01487

MEDIUM5.3

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 4.9

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21302

BDU:2022-01489

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21297

BDU:2022-01490

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21339

BDU:2022-01491

MEDIUM4.9

Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21374

BDU:2022-01492

MEDIUM4.9

Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21362

BDU:2022-01493

MEDIUM4.9

Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21379

BDU:2022-01565

MEDIUM6.5

Уязвимость компонента Cluster: General системы управления базами данных Oracle MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Опубликовано: 2022-03-28Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVSS 2.0СРЕДНЯЯ 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P

Ссылки

BDU:2022-01568

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-03-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21380

BDU:2022-01569

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21334

BDU:2022-01570

MEDIUM5.5

Уязвимость компонента Server: Compiling системы управления базами данных MySQL Server, позволяющая нарушителю оказать воздействие на целостность и доступность защищаемой информации

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

Ссылки

CVE-2022-21367

BDU:2022-01572

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

Ссылки

BDU:2022-01573

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

Ссылки

BDU:2022-01574

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

Ссылки

BDU:2022-01575

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

Ссылки

BDU:2022-01576

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

Ссылки

BDU:2022-01577

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

Ссылки

BDU:2022-01582

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21330

BDU:2022-01583

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю повысить свои привилегии

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21329

BDU:2022-01584

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.0

CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21316

BDU:2022-01585

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21322

BDU:2022-01586

MEDIUM4.9

Уязвимость компонента Server: Parser системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21304

BDU:2022-01587

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

Ссылки

BDU:2022-01588

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21253

BDU:2022-01589

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

Ссылки

BDU:2022-01590

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21264

BDU:2022-01591

MEDIUM4.7

Уязвимость компонента Server: Components Services системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.7

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P

Ссылки

CVE-2022-21368

BDU:2022-01592

MEDIUM4.3

Уязвимость компонента Server: Security: Privileges системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

Ссылки

CVE-2022-21245

BDU:2022-01593

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

Ссылки

BDU:2022-01594

MEDIUM4.9

Уязвимость компонента Server: Stored Procedure системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21303

BDU:2022-01595

MEDIUM4.9

Уязвимость компонента Server: Replication системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21344

BDU:2022-01598

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.0

CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21318

BDU:2022-01599

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21332

BDU:2022-01600

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21315

BDU:2022-01601

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21356

BDU:2022-01604

LOW2.7

Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю вызвать частичный отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.7

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0НИЗКАЯ 3.3

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:P

Ссылки

CVE-2022-21372

BDU:2022-01605

MEDIUM5.9

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.9

CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

CVSS 2.0ВЫСОКАЯ 7.9

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:C/A:C

Ссылки

CVE-2022-21352

BDU:2022-01606

MEDIUM5.5

Уязвимость компонента Server: DML системы управления базами данных MySQL Server, позволяющая нарушителю оказать воздействие на целостность данных или вызвать отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

Ссылки

CVE-2022-21301

BDU:2022-01607

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию и вызвать частичный отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

Ссылки

BDU:2022-01608

LOW2.7

Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать частичный отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.7

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0НИЗКАЯ 3.3

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:P

Ссылки

CVE-2022-21249

BDU:2022-01609

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21335

BDU:2022-01611

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21336

BDU:2022-01612

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21337

BDU:2022-01613

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию или вызвать частичный отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

Ссылки

BDU:2022-01614

LOW2.9

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию или вызвать частичный отказ в обслуживании

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

Ссылки

BDU:2022-01616

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21320

BDU:2022-01618

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21328

BDU:2022-01619

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21327

BDU:2022-01620

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Опубликовано: 2022-03-30Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21326

BDU:2022-01929

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить полный контроль над приложением

Опубликовано: 2022-04-07Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

BDU:2022-01992

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

BDU:2022-01993

HIGH7.1

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании и оказать воздействие на целостность данных

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xВЫСОКАЯ 7.1

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

Ссылки

CVE-2022-21351

BDU:2022-01996

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.2

CVSS:2.0/AV:A/AC:H/Au:M/C:C/I:C/A:C

Ссылки

BDU:2022-01997

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

BDU:2022-02004

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.2

CVSS:2.0/AV:A/AC:H/Au:M/C:C/I:C/A:C

Ссылки

BDU:2022-02006

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.2

CVSS:2.0/AV:A/AC:H/Au:M/C:C/I:C/A:C

Ссылки

BDU:2022-02013

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

BDU:2022-02014

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

BDU:2022-02015

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.2

CVSS:2.0/AV:A/AC:H/Au:M/C:C/I:C/A:C

Ссылки

BDU:2022-02016

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

BDU:2022-02018

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

BDU:2022-02019

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

BDU:2022-02026

MEDIUM6.5

Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21358

BDU:2022-02027

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

BDU:2022-02028

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

BDU:2022-02029

HIGH7.1

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании и оказать воздействие на целостность данных

Опубликовано: 2022-04-08Изменено: 2023-06-30

CVSS 3.xВЫСОКАЯ 7.1

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

Ссылки

CVE-2022-21278

BDU:2022-02169

MEDIUM6.5

Уязвимость программного средства для взаимодействия с серверами CURL, связанная с недостатками алгоритма вычисления контрольной суммы, позволяющая нарушителю оказать воздействие на целостность данных

Опубликовано: 2022-04-13

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS 2.0ВЫСОКАЯ 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:C/A:N

Ссылки

CVE-2021-22922

BDU:2022-02170

MEDIUM5.3

Уязвимость программного средства для взаимодействия с серверами CURL, связанная с недостаточной защитой регистрационных данных, позволяющая нарушителю получить доступ к конфиденциальным данным

Опубликовано: 2022-04-13Изменено: 2024-11-11

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS 2.0СРЕДНЯЯ 5.4

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:N/A:N

Ссылки

CVE-2021-22923

BDU:2022-02755

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-05-04Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21412

BDU:2022-02756

MEDIUM4.9

Уязвимость компонента Server: DML системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-05-04Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21413

BDU:2022-02796

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-05-05Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21436

BDU:2022-02797

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-05-05Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21438

BDU:2022-02798

MEDIUM5.9

Уязвимость компонента Server: PAM Auth Plugin системы управления базами данных MySQL Server, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2022-05-05Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.9

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0ВЫСОКАЯ 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:N/A:N

Ссылки

CVE-2022-21457

BDU:2022-02799

MEDIUM5.5

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Опубликовано: 2022-05-05Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:P

Ссылки

CVE-2022-21479

BDU:2022-02800

MEDIUM4.4

Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-05-05Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.4

CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 4.9

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21444

BDU:2022-02801

MEDIUM6.5

Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-05-05Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21454

BDU:2022-02802

MEDIUM5.5

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю получить несанкционированный доступ на изменение, добавление или удаление данных или вызвать отказ в обслуживании

Опубликовано: 2022-05-05Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

Ссылки

CVE-2022-21478

BDU:2022-02803

MEDIUM5.5

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю получить несанкционированный доступ на изменение, добавление или удаление данных или вызвать отказ в обслуживании

Опубликовано: 2022-05-05Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

Ссылки

CVE-2022-21459

BDU:2022-02804

MEDIUM5.5

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю получить несанкционированный доступ на изменение, добавление или удаление данных или вызвать отказ в обслуживании

Опубликовано: 2022-05-05Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

Ссылки

CVE-2022-21440

BDU:2022-02805

MEDIUM4.9

Уязвимость компонента Server: FTS системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или аварийное завершение

Опубликовано: 2022-05-06Изменено: 2023-11-09

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21427

BDU:2022-02806

MEDIUM4.9

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или вызвать аварийное завершение

Опубликовано: 2022-05-06Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21417

BDU:2022-02807

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или аварийное завершение

Опубликовано: 2022-05-06Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21414

BDU:2022-02808

MEDIUM4.9

Уязвимость компонента Server: Replication системы управления базами данных MySQL Server, позволяющая нарушителю вызвать аварийное завершение

Опубликовано: 2022-05-06Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21415

BDU:2022-02809

MEDIUM5.0

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных, или вызвать аварийное завершение работы

Опубликовано: 2022-05-06Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.0

CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0СРЕДНЯЯ 5.6

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:P/A:C

Ссылки

CVE-2022-21418

BDU:2022-02810

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать зависание или, в нередких случаях, аварийное завершение

Опубликовано: 2022-05-06Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21435

BDU:2022-02812

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных Oracle MySQL Cluster, позволяющая нарушителю получить полный контроль над приложением

Опубликовано: 2022-05-06Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21483

BDU:2022-02813

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных Oracle MySQL Cluster, позволяющая нарушителю получить полный контроль над приложением

Опубликовано: 2022-05-06Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21482

BDU:2022-02814

MEDIUM6.3

Уязвимость компонента Cluster: General системы управления базами данных Oracle MySQL Cluster, позволяющая нарушителю получить полный контроль над приложением

Опубликовано: 2022-05-06Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:A/AC:H/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21489

BDU:2022-02825

MEDIUM5.5

Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю оказать воздействие на целостность защищаемой информации или вызвать отказ в обслуживании

Опубликовано: 2022-05-11Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

Ссылки

CVE-2022-21425

BDU:2022-02835

MEDIUM4.4

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-05-11Изменено: 2023-11-09

CVSS 3.xСРЕДНЯЯ 4.4

CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 4.9

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21451

BDU:2022-02836

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-05-11Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21452

BDU:2022-02837

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-05-11Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21437

BDU:2022-03716

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-06-24Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0ВЫСОКАЯ 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

Ссылки

CVE-2022-21462

BDU:2022-03717

MEDIUM4.4

Уязвимость компонента Server: Logging системы управления базами данных MySQL Server, позволяющая нарушителю раскрыть защищаемую информацию

Опубликовано: 2022-06-24Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 4.4

CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0СРЕДНЯЯ 4.9

CVSS:2.0/AV:N/AC:H/Au:S/C:C/I:N/A:N

Ссылки

CVE-2022-21460

BDU:2022-04564

MEDIUM6.5

Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на чтение, изменение или удаление данных

Опубликовано: 2022-07-21Изменено: 2023-06-30

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVSS 2.0КРИТИЧЕСКАЯ 9.4

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:C

Ссылки

CVE-2022-21556

BDU:2022-05677

MEDIUM5.5

Уязвимость компонента InnoDB СУБД MariaDB, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Опубликовано: 2022-09-14Изменено: 2023-11-09

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

Ссылки

CVE-2021-35604

BDU:2022-06420

MEDIUM4.4

Уязвимость компонента C API системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-10-24Изменено: 2024-01-12

CVSS 3.xСРЕДНЯЯ 4.4

CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 4.9

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21595

BDU:2022-06429

HIGH7.2

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2022-10-24Изменено: 2024-01-12

CVSS 3.xВЫСОКАЯ 7.2

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0КРИТИЧЕСКАЯ 9.0

CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:C

Ссылки

CVE-2022-21600

BDU:2022-06431

MEDIUM4.9

Уязвимость компонента Server: Data Dictionary системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-10-24Изменено: 2024-01-12

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21605

BDU:2022-06432

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-10-24Изменено: 2024-01-12

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2022-21607

BDU:2023-00436

MEDIUM4.9

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2023-01-30Изменено: 2024-01-12

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

Ссылки

CVE-2023-21866

CVE-2019-10219

MEDIUM6.1

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Опубликовано: 2019-11-08Изменено: 2025-07-07

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 6.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Ссылки

CVE-2021-21344

CRITICAL9.8

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Опубликовано: 2021-03-23Изменено: 2025-05-23

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xКРИТИЧЕСКАЯ 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ссылки

CVE-2021-21348

HIGH7.5

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Опубликовано: 2021-03-23Изменено: 2025-05-23

CVSS 2.0ВЫСОКАЯ 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-21351

CRITICAL9.1

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Опубликовано: 2021-03-23Изменено: 2025-05-23

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS 3.xКРИТИЧЕСКАЯ 9.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Ссылки

CVE-2021-22570

MEDIUM5.5

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

Опубликовано: 2022-01-26Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-22922

MEDIUM6.5

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.

Опубликовано: 2021-08-05Изменено: 2026-04-16

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Ссылки

CVE-2021-22923

MEDIUM5.3

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

Опубликовано: 2021-08-05Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Ссылки

CVE-2021-22924

LOW3.7

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.

Опубликовано: 2021-08-05Изменено: 2025-06-09

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xНИЗКАЯ 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Ссылки

CVE-2021-22925

MEDIUM5.3

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.

Опубликовано: 2021-08-05Изменено: 2026-04-16

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Ссылки

CVE-2021-22926

HIGH7.5

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.

Опубликовано: 2021-08-05Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-22945

CRITICAL9.1

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again.

Опубликовано: 2021-09-23Изменено: 2025-06-09

CVSS 2.0СРЕДНЯЯ 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS 3.xКРИТИЧЕСКАЯ 9.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Ссылки

CVE-2021-22946

HIGH7.5

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations withoutTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Опубликовано: 2021-09-29Изменено: 2026-04-16

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Ссылки

CVE-2021-22947

MEDIUM5.9

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got before the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

Опубликовано: 2021-09-29Изменено: 2026-04-16

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 5.9

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Ссылки

CVE-2021-2478

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-2479

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-2481

MEDIUM6.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35537

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35546

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35575

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35577

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35583

HIGH7.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35591

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35596

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35597

MEDIUM6.5

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35602

MEDIUM5.0

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.9

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS 3.xСРЕДНЯЯ 5.0

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2021-35604

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2021-35607

MEDIUM6.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35608

MEDIUM5.3

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35610

HIGH7.1

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xВЫСОКАЯ 7.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2021-35612

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2021-35622

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35623

LOW2.7

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS 3.xНИЗКАЯ 2.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Ссылки

CVE-2021-35624

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Ссылки

CVE-2021-35625

LOW2.7

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS 3.xНИЗКАЯ 2.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Ссылки

CVE-2021-35626

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35627

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35628

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35629

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35630

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Ссылки

CVE-2021-35631

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35632

MEDIUM4.4

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.4

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35633

LOW2.7

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xНИЗКАЯ 2.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Ссылки

CVE-2021-35634

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35635

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35636

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35637

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35638

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35639

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35640

LOW2.7

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS 3.xНИЗКАЯ 2.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Ссылки

CVE-2021-35641

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35642

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35643

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35644

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35645

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35646

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35647

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-35648

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2021-10-20Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-36222

HIGH7.5

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.

Опубликовано: 2021-07-22Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2021-3711

CRITICAL9.8

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).

Опубликовано: 2021-08-24Изменено: 2024-11-21

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xКРИТИЧЕСКАЯ 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ссылки

CVE-2021-3712

HIGH7.4

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

Опубликовано: 2021-08-24Изменено: 2026-04-16

CVSS 2.0СРЕДНЯЯ 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS 3.xВЫСОКАЯ 7.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Ссылки

CVE-2021-44531

HIGH7.4

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.

Опубликовано: 2022-02-24Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS 3.xВЫСОКАЯ 7.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Ссылки

CVE-2021-44532

MEDIUM5.3

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.

Опубликовано: 2022-02-24Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Ссылки

CVE-2021-44533

MEDIUM5.3

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.

Опубликовано: 2022-02-24Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Ссылки

CVE-2022-0778

HIGH7.5

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Опубликовано: 2022-03-15Изменено: 2026-04-14

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21245

MEDIUM4.3

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Ссылки

CVE-2022-21249

LOW2.7

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xНИЗКАЯ 2.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Ссылки

CVE-2022-21253

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21254

MEDIUM5.3

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 6.3

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:C

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21256

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21264

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21265

LOW3.8

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xНИЗКАЯ 3.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

Ссылки

CVE-2022-21270

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21278

HIGH7.1

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xВЫСОКАЯ 7.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2022-21279

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21280

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21284

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21285

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21286

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21287

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21288

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21289

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21290

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21297

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21301

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2022-21302

MEDIUM5.3

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21303

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21304

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21307

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21308

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21309

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21310

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21311

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21312

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21313

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21314

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21315

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21316

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.6

CVSS:2.0/AV:N/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21317

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21318

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.6

CVSS:2.0/AV:N/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21319

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21320

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21321

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21322

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21323

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21324

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21325

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21326

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21327

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21328

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21329

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21330

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21331

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21332

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21333

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21334

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21335

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21336

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21337

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21339

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21342

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21344

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21348

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21351

HIGH7.1

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xВЫСОКАЯ 7.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2022-21352

MEDIUM5.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.9

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS 3.xСРЕДНЯЯ 5.9

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Ссылки

CVE-2022-21355

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21356

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21357

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21358

MEDIUM6.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21362

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21367

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2022-21368

MEDIUM4.7

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 4.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Ссылки

CVE-2022-21370

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21372

LOW2.7

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xНИЗКАЯ 2.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Ссылки

CVE-2022-21374

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21378

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2022-21379

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21380

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-01-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21412

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21413

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21414

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21415

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21417

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21418

MEDIUM5.0

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.9

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS 3.xСРЕДНЯЯ 5.0

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2022-21423

LOW2.7

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xНИЗКАЯ 2.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Ссылки

CVE-2022-21425

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2022-21427

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21435

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21436

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21437

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21438

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21440

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2022-21444

MEDIUM4.4

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.1

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21451

MEDIUM4.4

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.1

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21452

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21454

MEDIUM6.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21457

MEDIUM5.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 5.9

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Ссылки

CVE-2022-21459

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2022-21460

MEDIUM4.4

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.1

CVSS:2.0/AV:N/AC:H/Au:S/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 4.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Ссылки

CVE-2022-21462

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21478

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Ссылки

CVE-2022-21479

MEDIUM5.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H

Ссылки

CVE-2022-21482

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21483

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21484

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21485

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21486

LOW2.9

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.9

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS 3.xНИЗКАЯ 2.9

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L

Ссылки

CVE-2022-21489

MEDIUM6.3

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Опубликовано: 2022-04-19Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21556

MEDIUM6.5

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).

Опубликовано: 2022-07-19Изменено: 2024-11-21

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Ссылки

CVE-2022-21595

MEDIUM4.4

Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-10-18Изменено: 2024-11-21

CVSS 3.xСРЕДНЯЯ 4.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21600

HIGH7.2

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Опубликовано: 2022-10-18Изменено: 2024-11-21

CVSS 3.xВЫСОКАЯ 7.2

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Ссылки

CVE-2022-21605

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-10-18Изменено: 2024-11-21

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2022-21607

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2022-10-18Изменено: 2024-11-21

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2023-21866

MEDIUM4.9

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Опубликовано: 2023-01-18Изменено: 2024-11-21

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

Обновление пакета MySQL в ветке p10_e2k

Закрытые проблемы (296)

Уязвимость компонента Key Distribution Center (KDC) сетевого протокола аутентификации Kerberos, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость реализации криптографического алгоритма SM2 библиотеки OpenSSL, позволяющая нарушителю выполнить произвольный код

Уязвимость функции X509_aux_print() библиотеки OpenSSL, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Уязвимость реализации протокола STARTTLS программного средства для взаимодействия с серверами cURL, позволяющая нарушителю проводить атаки типа «человек посередине»

Уязвимость компонента Server: Data Dictionary системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость реализации команды «--ssl-reqd» программного средства для взаимодействия с серверами cURL, позволяющая нарушителю проводить атаки типа "человек посередине"

Уязвимость утилиты cURL, связанная с повторным освобождением памяти, позволяющая нарушителю выполнить отказ в обслуживании

Уязвимость реализации способа указания всех доменных имен и IP-адресов Subject Alternative Names программной платформы Node.js, позволяющая нарушителю проводить спуфинг-атаки

Уязвимость функции BN_mod_sqrt() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Federated системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю повысить свои привилегии

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Server: Parser системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Stored Procedure системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Replication системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю вызвать частичный отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать частичный отказ в обслуживании

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить полный контроль над приложением

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: DML системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: PAM Auth Plugin системы управления базами данных MySQL Server, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: FTS системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или аварийное завершение

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или вызвать аварийное завершение

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или аварийное завершение

Уязвимость компонента Server: Replication системы управления базами данных MySQL Server, позволяющая нарушителю вызвать аварийное завершение

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать зависание или, в нередких случаях, аварийное завершение

Уязвимость компонента Cluster: General системы управления базами данных Oracle MySQL Cluster, позволяющая нарушителю получить полный контроль над приложением

Уязвимость компонента Cluster: General системы управления базами данных Oracle MySQL Cluster, позволяющая нарушителю получить полный контроль над приложением

Уязвимость компонента Cluster: General системы управления базами данных Oracle MySQL Cluster, позволяющая нарушителю получить полный контроль над приложением

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again.