K000140399: MySQL vulnerabilities CVE-2024-21130, CVE-2024-21142, CVE-2024-21166, and CVE-2024-21185

Security Advisory Description CVE-2024-21130 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...

Vulnerability of the Server component: The Optimizer component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the Server: Optimizer component of the Oracle MySQL database management system is related to a validation error in the input data received from the web server. Exploiting this vulnerability can allow an attacker to cause service interruptions...

Vulnerability of the Server component: The Oracle MySQL Server database management system’s DDL functions allow attackers to cause service interruptions.

Vulnerability of the Server component: The DDL system for managing databases, Oracle MySQL Server, is vulnerable to authentication errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

Vulnerability of the Server component: The Oracle MySQL Server database management system’s DDL functions allow attackers to cause service interruptions.

Vulnerability of the Server component: The DDL system for managing databases in Oracle MySQL has vulnerabilities related to insufficient validation of input data. Exploiting these vulnerabilities can allow attackers to cause service interruptions remotely...

Vulnerability of the Server component: The Optimizer component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the Oracle MySQL Server component of the database management system’s optimizer is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

Vulnerability of the Server component: Connection Handling of the Oracle MySQL Server database management system, which allows attackers to cause service interruptions.

The vulnerability of the Server component: Connection Handling in the Oracle MySQL Server database management system is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

Vulnerability of the Server component: The Optimizer component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the Oracle MySQL Server component of the database management system’s optimizer is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2024-34736)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause MySQL Server to hang without authorization or crash frequently and repeatedly full DOS...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2024-34715)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause MySQL Server to hang or crash frequently and repeatedly...

CVE-2024-21185

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.38, 8.4.1 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

CVE-2024-21177

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVE-2024-21173

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2024-21166

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2024-21171

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVE-2024-21163

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVE-2024-21165

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

CVE-2024-21160

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2024-21159

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2024-21142

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

CVE-2024-21137

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...