Errata ALT-PU-2022-3960-1: Information
Fixes
Published: March 12, 2021
BDU:2021-05485
Уязвимость Java-библиотеки Xstream для преобразования объектов в форматы XML или JSON, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: March 12, 2021
BDU:2021-05499
Уязвимость Java-библиотеки Xstream для преобразования объектов в форматы XML или JSON, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю загружать и выполнять произвольный код с удаленного хоста
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 15, 2021
BDU:2021-05649
Уязвимость реализации команды «--ssl-reqd» программного средства для взаимодействия с серверами cURL, позволяющая нарушителю проводить атаки типа "человек посередине"
Severity: HIGH (8.2) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Links:
Published: March 12, 2021
BDU:2021-05940
Уязвимость Java-библиотеки Xstream для преобразования объектов в форматы XML или JSON, связанная с неограниченной загрузкой файлов опасного типа, позволяющая нарушителю загружать и выполнять произвольный код с удаленного хоста
Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01473
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: LOW (3.8) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Links:
Published: Nov. 15, 2021
BDU:2022-01474
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01475
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01479
Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01481
Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 18, 2022
BDU:2022-01484
Уязвимость компонента Server: Federated системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01485
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных
Severity: MEDIUM (5.5) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Jan. 18, 2022
BDU:2022-01486
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных
Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 18, 2022
BDU:2022-01487
Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01489
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01490
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01491
Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01492
Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01493
Уязвимость компонента Server: Group Replication Plugin системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 23, 2021
BDU:2022-01565
Уязвимость компонента Cluster: General системы управления базами данных Oracle MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
BDU:2022-01568
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01569
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01570
Уязвимость компонента Server: Compiling системы управления базами данных MySQL Server, позволяющая нарушителю оказать воздействие на целостность и доступность защищаемой информации
Severity: MEDIUM (5.5) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: July 23, 2021
BDU:2022-01572
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: July 23, 2021
BDU:2022-01573
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: July 23, 2021
BDU:2022-01574
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: July 23, 2021
BDU:2022-01575
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: July 23, 2021
BDU:2022-01576
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: July 23, 2021
BDU:2022-01577
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
BDU:2022-01582
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01583
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю повысить свои привилегии
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01584
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01585
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01586
Уязвимость компонента Server: Parser системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 23, 2021
BDU:2022-01587
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Nov. 15, 2021
BDU:2022-01588
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 23, 2021
BDU:2022-01589
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 18, 2022
BDU:2022-01590
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01591
Уязвимость компонента Server: Components Services системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ на изменение, добавление или удаление данных
Severity: MEDIUM (4.7) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Links:
Published: Nov. 15, 2021
BDU:2022-01592
Уязвимость компонента Server: Security: Privileges системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Links:
Published: July 23, 2021
BDU:2022-01593
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Nov. 15, 2021
BDU:2022-01594
Уязвимость компонента Server: Stored Procedure системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01595
Уязвимость компонента Server: Replication системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01598
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01599
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01600
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01601
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01604
Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю вызвать частичный отказ в обслуживании
Severity: LOW (2.7) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Links:
Published: Jan. 19, 2022
BDU:2022-01605
Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании
Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01606
Уязвимость компонента Server: DML системы управления базами данных MySQL Server, позволяющая нарушителю оказать воздействие на целостность данных или вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Sept. 1, 2021
BDU:2022-01607
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию и вызвать частичный отказ в обслуживании
Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 18, 2022
BDU:2022-01608
Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать частичный отказ в обслуживании
Severity: LOW (2.7) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Links:
Published: Jan. 19, 2022
BDU:2022-01609
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01611
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01612
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 1, 2021
BDU:2022-01613
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию или вызвать частичный отказ в обслуживании
Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: July 23, 2021
BDU:2022-01614
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю раскрыть защищаемую информацию или вызвать частичный отказ в обслуживании
Severity: LOW (2.9) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
BDU:2022-01616
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01618
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01619
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
BDU:2022-01620
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить привилегированный доступ
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2021
BDU:2022-01929
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю получить полный контроль над приложением
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01992
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01993
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании и оказать воздействие на целостность данных
Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-01996
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2021
BDU:2022-01997
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-02004
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: June 9, 2021
BDU:2022-02006
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-02013
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-02014
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-02015
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-02016
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-02018
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-02019
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 18, 2022
BDU:2022-02026
Уязвимость компонента Server: Security: Encryption системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-02027
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-02028
Уязвимость компонента Cluster: General системы управления базами данных MySQL Cluster, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3) Vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-02029
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании и оказать воздействие на целостность данных
Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Oct. 18, 2022
BDU:2022-06420
Уязвимость компонента C API системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.4) Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 18, 2022
BDU:2022-06429
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.2) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 23, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-21344
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://x-stream.github.io/CVE-2021-21344.html
- http://x-stream.github.io/changes.html#1.4.16
- https://github.com/x-stream/xstream/security/advisories/GHSA-59jw-jqf4-3wq3
- https://x-stream.github.io/security.html#workaround
- [debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update
- https://security.netapp.com/advisory/ntap-20210430-0002/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- DSA-5004
- https://www.oracle.com/security-alerts/cpujan2022.html
- [jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)
- [activemq-users] 20210427 Release date for ActiveMQ v5.16.2 to fix CVEs
- FEDORA-2021-fbad11014a
- FEDORA-2021-d894ca87dc
- FEDORA-2021-5e376c0ed9
Published: March 23, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-21348
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- http://x-stream.github.io/changes.html#1.4.16
- https://x-stream.github.io/security.html#workaround
- https://github.com/x-stream/xstream/security/advisories/GHSA-56p8-3fh9-4cvq
- https://x-stream.github.io/CVE-2021-21348.html
- [debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update
- https://security.netapp.com/advisory/ntap-20210430-0002/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- DSA-5004
- https://www.oracle.com/security-alerts/cpujan2022.html
- [jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)
- [activemq-users] 20210427 Release date for ActiveMQ v5.16.2 to fix CVEs
- FEDORA-2021-fbad11014a
- FEDORA-2021-d894ca87dc
- FEDORA-2021-5e376c0ed9
Published: March 23, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-21351
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Links:
- http://x-stream.github.io/changes.html#1.4.16
- https://x-stream.github.io/security.html#workaround
- https://github.com/x-stream/xstream/security/advisories/GHSA-hrcp-8f3q-4w2c
- https://x-stream.github.io/CVE-2021-21351.html
- [debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update
- https://security.netapp.com/advisory/ntap-20210430-0002/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- DSA-5004
- https://www.oracle.com/security-alerts/cpujan2022.html
- [jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)
- [activemq-users] 20210427 Release date for ActiveMQ v5.16.2 to fix CVEs
- FEDORA-2021-fbad11014a
- FEDORA-2021-d894ca87dc
- FEDORA-2021-5e376c0ed9
Published: Sept. 29, 2021
Modified: March 27, 2024
Modified: March 27, 2024
CVE-2021-22946
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
- https://hackerone.com/reports/1334111
- [debian-lts-announce] 20210930 [SECURITY] [DLA 2773-1] curl security update
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://security.netapp.com/advisory/ntap-20211029-0003/
- https://security.netapp.com/advisory/ntap-20220121-0008/
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://support.apple.com/kb/HT213183
- 20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- DSA-5197
- [debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update
- GLSA-202212-01
- FEDORA-2021-fc96a3a749
- FEDORA-2021-1d24845e93
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21245
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Links:
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21249
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
Severity: LOW (2.7) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21253
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21254
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21256
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21264
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21265
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).
Severity: LOW (3.8) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Links:
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21270
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21278
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
Severity: HIGH (7.1) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21279
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21280
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 22, 2022
Modified: Jan. 22, 2022
CVE-2022-21284
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 22, 2022
Modified: Jan. 22, 2022
CVE-2022-21285
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 22, 2022
Modified: Jan. 22, 2022
CVE-2022-21286
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 22, 2022
Modified: Jan. 22, 2022
CVE-2022-21287
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 22, 2022
Modified: Jan. 22, 2022
CVE-2022-21288
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 22, 2022
Modified: Jan. 22, 2022
CVE-2022-21289
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 22, 2022
Modified: Jan. 22, 2022
CVE-2022-21290
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 22, 2022
Modified: Jan. 22, 2022
CVE-2022-21297
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21301
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21302
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21303
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21304
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21307
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21308
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21309
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Aug. 8, 2023
Modified: Aug. 8, 2023
CVE-2022-21310
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21311
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21312
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21313
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21314
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21315
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21316
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21317
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21318
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21319
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21320
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 25, 2022
Modified: Jan. 25, 2022
CVE-2022-21321
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 25, 2022
Modified: Jan. 25, 2022
CVE-2022-21322
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 25, 2022
Modified: Jan. 25, 2022
CVE-2022-21323
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21324
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21325
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21326
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21327
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21328
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21329
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21330
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21331
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21332
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21333
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21334
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21335
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21336
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21337
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2022-21339
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21342
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21344
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21348
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21351
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
Severity: HIGH (7.1) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21352
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21355
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21356
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21357
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Severity: LOW (2.9) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21358
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21362
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21367
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21368
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).
Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21370
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21372
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
Severity: LOW (2.7) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21374
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21378
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 25, 2022
Modified: Jan. 25, 2022
CVE-2022-21379
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2022
Modified: Jan. 24, 2022
Modified: Jan. 24, 2022
CVE-2022-21380
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity: MEDIUM (6.3) Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Oct. 19, 2022
Modified: Nov. 8, 2022
Modified: Nov. 8, 2022
CVE-2022-21595
Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 19, 2022
Modified: Nov. 4, 2022
Modified: Nov. 4, 2022
CVE-2022-21600
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Severity: HIGH (7.2) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links: