Oracle MySQL 安全漏洞

Oracle MySQL is an open source relational database management system from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server version 8.0.29 and prior versions. An attacker with elevated privileges who accesses the network via multiple protocols can compromise MySQL Server...

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists due to unauthorized network access which allows a remote attacker to crash the application via multiple protocols to compromise MySQL Server...

mysql: InnoDB unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

mysql: Server: Options unspecified vulnerability (CPU Oct 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Options. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

CVE-2022-21632

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

AZL-11211 CVE-2022-21637 affecting package mysql for versions less than 8.0.31-1

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

AZL-11214 CVE-2022-21641 affecting package mysql for versions less than 8.0.31-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2022-21641

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2022-21595

Vulnerability in the MySQL Server product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2022-21592

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

CVE-2022-21599

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2022-21638

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

The vulnerability of the ruby-mysql library, related to errors in processing hypertext links, allows attackers to gain access to confidential data.

The vulnerability of the ruby-mysql library is related to errors in processing hypertext links. Exploiting this vulnerability allows an attacker who operates remotely to gain access to confidential data...

mysql: InnoDB unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

mysql: InnoDB unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.5)

The version of AOS installed on the remote host is prior to 5.15.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.5 advisory. - In Network Security Services NSS before 3.46, several cryptographic primitives had missing length checks. In cases where the...

Ubuntu 16.04 ESM : MySQL vulnerability (USN-5537-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5537-2 advisory. USN-5537-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description blo...

CVE-2022-31026 Use of Uninitialized Variable in trilogy

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version...

Red Planet Laundry Management System 1.0 SQL Injection

Title: Red Planet Laundry Management System 1.0 SQLi Author: nu11secur1ty Date: 05.01.2022 Vendor: https://laundry.redplanetcomputers.com/ Software: https://laundry.redplanetcomputers.com/ Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-28452 Description: The username...