scan_result.json
{"_1":[{"Target":"trivy-testing:latest (centos 8.4.2105)","Class":"os-pkgs","Type":"centos","Vulnerabilities":[{"VulnerabilityID":"CVE-2021-25215","PkgName":"bind-export-libs","InstalledVersion":"32:9.11.26-3.el8","FixedVersion":"32:9.11.26-4.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-25215","Title":"bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself","Description":"In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 
9.","Severity":"HIGH","CweIDs":["CWE-617"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["http://www.openwall.com/lists/oss-security/2021/04/29/1","http://www.openwall.com/lists/oss-security/2021/04/29/2","http://www.openwall.com/lists/oss-security/2021/04/29/3","http://www.openwall.com/lists/oss-security/2021/04/29/4","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215","https://kb.isc.org/docs/cve-2021-25215","https://kb.isc.org/v1/docs/cve-2021-25215","https://linux.oracle.com/cve/CVE-2021-25215.html","https://linux.oracle.com/errata/ELSA-2021-9213.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/","https://security.netapp.com/advisory/ntap-20210521-0006/","https://ubuntu.com/security/notices/USN-4929-1","https://www.debian.org/security/2021/dsa-4909"],"PublishedDate":"2021-04-29T01:15:00Z","LastModifiedDate":"2021-05-21T09:15:00Z"},{"VulnerabilityID":"CVE-2021-25214","PkgName":"bind-export-libs","InstalledVersion":"32:9.11.26-3.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-25214","Title":"bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly","Description":"In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed 
IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.","Severity":"MEDIUM","CweIDs":["CWE-617"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["http://www.openwall.com/lists/oss-security/2021/04/29/1","http://www.openwall.com/lists/oss-security/2021/04/29/2","http://www.openwall.com/lists/oss-security/2021/04/29/3","http://www.openwall.com/lists/oss-security/2021/04/29/4","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214","https://kb.isc.org/docs/cve-2021-25214","https://kb.isc.org/v1/docs/cve-2021-25214","https://linux.oracle.com/cve/CVE-2021-25214.html","https://linux.oracle.com/errata/ELSA-2021-3325.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/","https://security.netapp.com/advisory/ntap-20210521-0006/","https://ubuntu.com/security/notices/USN-4929-1","https://www.debian.org/security/2021/dsa-4909"],"PublishedDate":"2021-04-29T01:15:00Z","LastModifiedDate":"2021-05-21T09:15:00Z"},{"VulnerabilityID":"CVE-2018-1000876","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-1000876","Title":"binutils: integer overflow leads to heap-based buffer overflow in objdump","Description":"binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in 
Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.","Severity":"MEDIUM","CweIDs":["CWE-787","CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","V2Score":4.6e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V3Score":7.8e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/106304","https://access.redhat.com/errata/RHSA-2019:2075","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876","https://linux.oracle.com/cve/CVE-2018-1000876.html","https://linux.oracle.com/errata/ELSA-2019-2075.html","https://sourceware.org/bugzilla/show_bug.cgi?id=23994","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-12-20T17:29:00Z","LastModifiedDate":"2020-08-24T17:37:00Z"},{"VulnerabilityID":"CVE-2018-20623","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20623","Title":"binutils: Use-after-free in the error function","Description":"In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF 
file.","Severity":"MEDIUM","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","V3Score":5.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/106370","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20623","https://sourceware.org/bugzilla/show_bug.cgi?id=24049","https://support.f5.com/csp/article/K38336243","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-12-31T19:29:00Z","LastModifiedDate":"2019-10-31T01:15:00Z"},{"VulnerabilityID":"CVE-2018-20671","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20671","Title":"binutils: Integer overflow in load_specific_debug_section function","Description":"load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section 
size.","Severity":"MEDIUM","CweIDs":["CWE-787","CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","V3Score":5.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/106457","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20671","https://sourceware.org/bugzilla/show_bug.cgi?id=24005","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2019-01-04T16:29:00Z","LastModifiedDate":"2020-08-24T17:37:00Z"},{"VulnerabilityID":"CVE-2018-20673","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20673","Title":"libiberty: Integer overflow in demangle_template() function","Description":"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by 
nm.","Severity":"MEDIUM","CweIDs":["CWE-787","CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","V3Score":5.3e0}},"References":["http://www.securityfocus.com/bid/106454","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20673","https://sourceware.org/bugzilla/show_bug.cgi?id=24039"],"PublishedDate":"2019-01-04T18:29:00Z","LastModifiedDate":"2020-08-24T17:37:00Z"},{"VulnerabilityID":"CVE-2019-9074","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-9074","Title":"binutils: out-of-bound read in function bfd_getl32 in libbfd.c","Description":"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. 
It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.","Severity":"MEDIUM","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","V3Score":5.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9074","https://security.netapp.com/advisory/ntap-20190314-0003/","https://sourceware.org/bugzilla/show_bug.cgi?id=24235","https://support.f5.com/csp/article/K09092524","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2019-02-24T00:29:00Z","LastModifiedDate":"2021-07-10T05:15:00Z"},{"VulnerabilityID":"CVE-2019-9075","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-9075","Title":"binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in archive64.c","Description":"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. 
It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.","Severity":"MEDIUM","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","V3Score":5.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9075","https://security.netapp.com/advisory/ntap-20190314-0003/","https://sourceware.org/bugzilla/show_bug.cgi?id=24236","https://support.f5.com/csp/article/K42059040","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2019-02-24T00:29:00Z","LastModifiedDate":"2021-07-10T05:15:00Z"},{"VulnerabilityID":"CVE-2019-9077","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-9077","Title":"binutils: heap-based buffer overflow in function process_mips_specific in readelf.c","Description":"An issue was discovered in GNU Binutils 2.32. 
It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.","Severity":"MEDIUM","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","V3Score":5.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html","http://www.securityfocus.com/bid/107139","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9077","https://security.netapp.com/advisory/ntap-20190314-0003/","https://sourceware.org/bugzilla/show_bug.cgi?id=24243","https://support.f5.com/csp/article/K00056379","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2019-02-24T00:29:00Z","LastModifiedDate":"2021-07-10T05:15:00Z"},{"VulnerabilityID":"CVE-2021-20197","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20197","Title":"binutils: race window allows users to own arbitrary files","Description":"There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. 
When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.","Severity":"MEDIUM","CweIDs":["CWE-59"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:M/Au:N/C:P/I:P/A:N","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","V2Score":3.3e0,"V3Score":6.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N","V3Score":4.2e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1913743","https://security.netapp.com/advisory/ntap-20210528-0009/","https://sourceware.org/bugzilla/show_bug.cgi?id=26945"],"PublishedDate":"2021-03-26T17:15:00Z","LastModifiedDate":"2021-05-28T10:15:00Z"},{"VulnerabilityID":"CVE-2021-3487","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3487","Title":"binutils: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()","Description":"There's a flaw in the BFD library of binutils in versions before 2.36. 
An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.","Severity":"MEDIUM","CweIDs":["CWE-20","CWE-400"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":7.1e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1947111","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/"],"PublishedDate":"2021-04-15T14:15:00Z","LastModifiedDate":"2021-05-04T12:55:00Z"},{"VulnerabilityID":"CVE-2018-12641","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-12641","Title":"binutils: Stack Exhaustion in the demangling functions provided by libiberty","Description":"An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. 
This can occur during execution of nm-new.","Severity":"LOW","CweIDs":["CWE-400"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["https://access.redhat.com/errata/RHSA-2019:2075","https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452","https://linux.oracle.com/cve/CVE-2018-12641.html","https://linux.oracle.com/errata/ELSA-2019-2075.html","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23058","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-06-22T12:29:00Z","LastModifiedDate":"2019-10-03T00:03:00Z"},{"VulnerabilityID":"CVE-2018-12697","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-12697","Title":"binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.","Description":"A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://www.securityfocus.com/bid/104538","https://access.redhat.com/errata/RHSA-2019:2075","https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454","https://linux.oracle.com/cve/CVE-2018-12697.html","https://linux.oracle.com/errata/ELSA-2019-2075.html","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23057","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-06-23T23:29:00Z","LastModifiedDate":"2019-08-03T13:15:00Z"},{"VulnerabilityID":"CVE-2018-12698","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-12698","Title":"binutils: excessive memory consumption in demangle_template in cplus-dem.c","Description":"demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. 
This can occur during execution of objdump.","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://www.securityfocus.com/bid/104539","https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23057","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-06-23T23:29:00Z","LastModifiedDate":"2019-10-03T00:03:00Z"},{"VulnerabilityID":"CVE-2018-12699","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-12699","Title":"binutils: heap-based buffer overflow in finish_stab in stabs.c","Description":"finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. 
This can occur during execution of objdump.","Severity":"LOW","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":7.5e0,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://www.securityfocus.com/bid/104540","https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23057","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-06-23T23:29:00Z","LastModifiedDate":"2019-08-03T13:15:00Z"},{"VulnerabilityID":"CVE-2018-12700","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-12700","Title":"binutils: Stack Exhaustion in debug_write_type in debug.c","Description":"A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite 
recursion.","Severity":"LOW","CweIDs":["CWE-835"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://www.securityfocus.com/bid/104541","https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23057","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-06-23T23:29:00Z","LastModifiedDate":"2019-10-03T00:03:00Z"},{"VulnerabilityID":"CVE-2018-12934","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-12934","Title":"binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c","Description":"remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). 
This can occur during execution of cxxfilt.","Severity":"LOW","CweIDs":["CWE-770"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12934","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453","https://sourceware.org/bugzilla/show_bug.cgi?id=23059","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-06-28T14:29:00Z","LastModifiedDate":"2020-04-21T22:15:00Z"},{"VulnerabilityID":"CVE-2018-17360","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-17360","Title":"binutils: heap-based buffer over-read in bfd_getl32 in libbfd.c","Description":"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. 
This vulnerability can be triggered by the executable objdump.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17360","https://sourceware.org/bugzilla/show_bug.cgi?id=23685","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-09-23T18:29:00Z","LastModifiedDate":"2019-10-31T01:15:00Z"},{"VulnerabilityID":"CVE-2018-17794","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-17794","Title":"binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input","Description":"An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-09-30T20:29:00Z","LastModifiedDate":"2020-04-21T22:15:00Z"},{"VulnerabilityID":"CVE-2018-17985","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-17985","Title":"binutils: Stack consumption problem caused by the cplus_demangle_type","Description":"An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.","Severity":"LOW","CweIDs":["CWE-400"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":4.7e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-10-04T23:29:00Z","LastModifiedDate":"2019-10-31T01:15:00Z"},{"VulnerabilityID":"CVE-2018-18309","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-18309","Title":"binutils: invalid memory address dereference in read_reloc in reloc.c","Description":"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. 
The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.","Severity":"LOW","CweIDs":["CWE-119"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/105692","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18309","https://sourceware.org/bugzilla/show_bug.cgi?id=23770","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0930cb3021b8078b34cf216e79eb8608d017864f","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-10-15T02:29:00Z","LastModifiedDate":"2019-10-31T01:15:00Z"},{"VulnerabilityID":"CVE-2018-18483","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-18483","Title":"binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service","Description":"The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by 
c++filt.","Severity":"LOW","CweIDs":["CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":4.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/105689","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18483","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602","https://sourceware.org/bugzilla/show_bug.cgi?id=23767","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-10-18T21:29:00Z","LastModifiedDate":"2019-10-31T01:15:00Z"},{"VulnerabilityID":"CVE-2018-18484","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-18484","Title":"binutils: Stack exhaustion in cp-demangle.c allows for denial of service","Description":"An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.","Severity":"LOW","CweIDs":["CWE-674"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":4.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/105693","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-10-18T21:29:00Z","LastModifiedDate":"2020-08-24T17:37:00Z"},{"VulnerabilityID":"CVE-2018-18605","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-18605","Title":"binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c","Description":"A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/105754","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605","https://security.netapp.com/advisory/ntap-20190307-0003/","https://sourceware.org/bugzilla/show_bug.cgi?id=23804","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-10-23T17:29:00Z","LastModifiedDate":"2019-10-31T01:15:00Z"},{"VulnerabilityID":"CVE-2018-18606","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-18606","Title":"binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c","Description":"An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/105754","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606","https://security.netapp.com/advisory/ntap-20190307-0003/","https://sourceware.org/bugzilla/show_bug.cgi?id=23806","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-10-23T17:29:00Z","LastModifiedDate":"2019-10-31T01:15:00Z"},{"VulnerabilityID":"CVE-2018-18607","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-18607","Title":"binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c","Description":"An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/105754","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607","https://security.netapp.com/advisory/ntap-20190307-0003/","https://sourceware.org/bugzilla/show_bug.cgi?id=23805","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-10-23T17:29:00Z","LastModifiedDate":"2019-10-31T01:15:00Z"},{"VulnerabilityID":"CVE-2018-18700","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-18700","Title":"binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c","Description":"An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.","Severity":"LOW","CweIDs":["CWE-835"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":4.3e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-10-29T12:29:00Z","LastModifiedDate":"2020-04-21T22:15:00Z"},{"VulnerabilityID":"CVE-2018-18701","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-18701","Title":"binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c","Description":"An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.","Severity":"LOW","CweIDs":["CWE-835"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":4.3e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-10-29T12:29:00Z","LastModifiedDate":"2020-04-21T22:15:00Z"},{"VulnerabilityID":"CVE-2018-19932","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-19932","Title":"binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service","Description":"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.","Severity":"LOW","CweIDs":["CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/106144","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932","https://security.gentoo.org/glsa/201908-01","https://security.netapp.com/advisory/ntap-20190221-0004/","https://sourceware.org/bugzilla/show_bug.cgi?id=23932","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-12-07T07:29:00Z","LastModifiedDate":"2019-08-03T13:15:00Z"},{"VulnerabilityID":"CVE-2018-20002","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20002","Title":"binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c","Description":"The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by 
nm.","Severity":"LOW","CweIDs":["CWE-772"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://www.securityfocus.com/bid/106142","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002","https://security.gentoo.org/glsa/201908-01","https://security.netapp.com/advisory/ntap-20190221-0004/","https://sourceware.org/bugzilla/show_bug.cgi?id=23952","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9","https://support.f5.com/csp/article/K62602089","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2018-12-10T02:29:00Z","LastModifiedDate":"2019-10-03T00:03:00Z"},{"VulnerabilityID":"CVE-2018-20651","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20651","Title":"binutils: NULL pointer dereference in elf_link_add_object_symbols function resulting in a denial of service","Description":"A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. 
A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/106440","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20651","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=24041","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f","https://support.f5.com/csp/article/K38336243","https://ubuntu.com/security/notices/USN-4336-1","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2019-01-01T16:29:00Z","LastModifiedDate":"2019-08-03T13:15:00Z"},{"VulnerabilityID":"CVE-2018-20657","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20657","Title":"libiberty: Memory leak in demangle_template function resulting in a denial of service","Description":"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to 
CVE-2018-12698.","Severity":"LOW","CweIDs":["CWE-772"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://www.securityfocus.com/bid/106444","https://access.redhat.com/errata/RHSA-2019:3352","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20657","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539","https://linux.oracle.com/cve/CVE-2018-20657.html","https://linux.oracle.com/errata/ELSA-2019-3352.html","https://support.f5.com/csp/article/K62602089"],"PublishedDate":"2019-01-02T14:29:00Z","LastModifiedDate":"2019-11-06T01:15:00Z"},{"VulnerabilityID":"CVE-2018-6872","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-6872","Title":"binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library","Description":"The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large 
alignment.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/103103","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22788","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6"],"PublishedDate":"2018-02-09T06:29:00Z","LastModifiedDate":"2019-10-31T01:15:00Z"},{"VulnerabilityID":"CVE-2019-12972","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-12972","Title":"binutils: out-of-bounds read in setup_group in bfd/elf.c","Description":"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. 
There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\0' character.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html","http://www.securityfocus.com/bid/108903","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12972","https://security.gentoo.org/glsa/202007-39","https://sourceware.org/bugzilla/show_bug.cgi?id=24689","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2019-06-26T14:15:00Z","LastModifiedDate":"2020-11-02T21:15:00Z"},{"VulnerabilityID":"CVE-2019-14250","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-14250","Title":"binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow","Description":"An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.","Severity":"LOW","CweIDs":["CWE-787","CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html","http://www.securityfocus.com/bid/109354","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14250","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924","https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html","https://security.gentoo.org/glsa/202007-39","https://security.netapp.com/advisory/ntap-20190822-0002/","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2019-07-24T04:15:00Z","LastModifiedDate":"2020-11-02T21:15:00Z"},{"VulnerabilityID":"CVE-2019-9071","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-9071","Title":"binutils: stack consumption in function d_count_templates_scopes in cp-demangle.c","Description":"An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.","Severity":"LOW","CweIDs":["CWE-674"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://www.securityfocus.com/bid/107147","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9071","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394","https://security.netapp.com/advisory/ntap-20190314-0003/","https://sourceware.org/bugzilla/show_bug.cgi?id=24227","https://support.f5.com/csp/article/K02884135","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2019-02-24T00:29:00Z","LastModifiedDate":"2021-07-10T05:15:00Z"},{"VulnerabilityID":"CVE-2020-35448","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-35448","Title":"binutils: heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c","Description":"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. 
A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.","Severity":"LOW","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","V2Score":4.3e0,"V3Score":3.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","V3Score":3.3e0}},"References":["https://security.netapp.com/advisory/ntap-20210129-0008/","https://sourceware.org/bugzilla/show_bug.cgi?id=26574","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8642dafaef21aa6747cec01df1977e9c52eb4679"],"PublishedDate":"2020-12-27T04:15:00Z","LastModifiedDate":"2021-07-21T11:39:00Z"},{"VulnerabilityID":"CVE-2020-35493","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-35493","Title":"binutils: heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file","Description":"A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. 
This flaw affects binutils versions prior to 2.34.","Severity":"LOW","CweIDs":["CWE-20","CWE-125","CWE-122"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1911437","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35493","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/","https://security.netapp.com/advisory/ntap-20210212-0007/"],"PublishedDate":"2021-01-04T15:15:00Z","LastModifiedDate":"2021-07-10T05:15:00Z"},{"VulnerabilityID":"CVE-2020-35494","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-35494","Title":"binutils: usage of unitialized heap in tic4x_print_cond function in opcodes/tic4x-dis.c","Description":"There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. 
This flaw affects binutils versions prior to 2.34.","Severity":"LOW","CweIDs":["CWE-908"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","V2Score":5.8e0,"V3Score":6.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","V3Score":6.1e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1911439","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/","https://security.netapp.com/advisory/ntap-20210212-0007/"],"PublishedDate":"2021-01-04T15:15:00Z","LastModifiedDate":"2021-07-10T05:15:00Z"},{"VulnerabilityID":"CVE-2020-35495","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-35495","Title":"binutils: NULL pointer dereference in bfd_pef_parse_symbols function in bfd/pef.c","Description":"There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. 
This flaw affects binutils versions prior to 2.34.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1911441","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/","https://security.netapp.com/advisory/ntap-20210212-0007/"],"PublishedDate":"2021-01-04T15:15:00Z","LastModifiedDate":"2021-07-10T05:15:00Z"},{"VulnerabilityID":"CVE-2020-35496","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-35496","Title":"binutils: NULL pointer dereference in bfd_pef_scan_start_address function in bfd/pef.c","Description":"There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. 
This flaw affects binutils versions prior to 2.34.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1911444","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/","https://security.netapp.com/advisory/ntap-20210212-0007/"],"PublishedDate":"2021-01-04T15:15:00Z","LastModifiedDate":"2021-07-10T05:15:00Z"},{"VulnerabilityID":"CVE-2020-35507","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-35507","Title":"binutils: NULL pointer dereference in bfd_pef_parse_function_stubs function in bfd/pef.c","Description":"There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. 
The greatest threat of this flaw is to application availability.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1911691","https://security.netapp.com/advisory/ntap-20210212-0007/"],"PublishedDate":"2021-01-04T15:15:00Z","LastModifiedDate":"2021-07-10T05:15:00Z"},{"VulnerabilityID":"CVE-2021-20284","PkgName":"binutils","InstalledVersion":"2.30-93.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20284","Title":"binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c","Description":"A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. 
The highest threat from this vulnerability is to system availability.","Severity":"LOW","CweIDs":["CWE-119"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":4.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1937784","https://security.netapp.com/advisory/ntap-20210521-0010/","https://sourceware.org/bugzilla/show_bug.cgi?id=26931"],"PublishedDate":"2021-03-26T17:15:00Z","LastModifiedDate":"2021-05-21T09:15:00Z"},{"VulnerabilityID":"CVE-2019-12900","PkgName":"bzip2-libs","InstalledVersion":"1.0.6-26.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-12900","Title":"bzip2: out-of-bounds write in function BZ2_decompress","Description":"BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many 
selectors.","Severity":"LOW","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":7.5e0,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","V3Score":4}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html","http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html","http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html","https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900","https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc","https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774@%3Cuser.flink.apache.org%3E","https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4@%3Cuser.flink.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html","https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html","https://seclists.org/bugtraq/2019/Aug/4","https://seclists.org/bugtraq/2019/Jul/22","https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc","https://support.f5.com/csp/article/K68713584?utm_source=f5support&utm_medium=RSS","https://ubuntu.com/security/notices/USN-4038-1","https://ubuntu.com/security/notices/USN-4038-
2","https://ubuntu.com/security/notices/USN-4038-3","https://ubuntu.com/security/notices/USN-4038-4","https://ubuntu.com/security/notices/USN-4146-1","https://ubuntu.com/security/notices/USN-4146-2","https://usn.ubuntu.com/4038-1/","https://usn.ubuntu.com/4038-2/","https://usn.ubuntu.com/4146-1/","https://usn.ubuntu.com/4146-2/","https://www.oracle.com/security-alerts/cpuoct2020.html"],"PublishedDate":"2019-06-19T23:15:00Z","LastModifiedDate":"2021-09-14T12:18:00Z"},{"VulnerabilityID":"CVE-2017-18018","PkgName":"coreutils-single","InstalledVersion":"8.30-8.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2017-18018","Title":"coreutils: race condition vulnerability in chown and chgrp","Description":"In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.","Severity":"MEDIUM","CweIDs":["CWE-362"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:M/Au:N/C:N/I:P/A:N","V3Vector":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","V2Score":1.9e0,"V3Score":4.7e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L","V3Score":4.2e0}},"References":["http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html"],"PublishedDate":"2018-01-04T04:29:00Z","LastModifiedDate":"2018-01-19T15:46:00Z"},{"VulnerabilityID":"CVE-2021-38185","PkgName":"cpio","InstalledVersion":"2.12-10.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-38185","Title":"cpio: integer overflow in ds_fgetstr() in dstring.c can lead to an out-of-bounds write via a crafted pattern file","Description":"GNU cpio through 2.13 allows attackers to execute arbitrary 
code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.","Severity":"MEDIUM","CweIDs":["CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","V3Score":7}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38185","https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b","https://github.com/fangqyi/cpiopwn","https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html","https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00002.html","https://ubuntu.com/security/notices/USN-5064-1"],"PublishedDate":"2021-08-08T00:15:00Z","LastModifiedDate":"2021-08-16T15:35:00Z"},{"VulnerabilityID":"CVE-2021-22876","PkgName":"curl","InstalledVersion":"7.61.1-18.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22876","Title":"curl: Leak of authentication credentials in URL via automatic Referer","Description":"curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. 
libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.","Severity":"MEDIUM","CweIDs":["CWE-200"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","V2Score":5,"V3Score":5.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","V3Score":3.7e0}},"References":["https://curl.se/docs/CVE-2021-22876.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876","https://hackerone.com/reports/1101882","https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/","https://lists.fedoraproject.org/archives/list/[email protected]/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/","https://security.gentoo.org/glsa/202105-36","https://security.netapp.com/advisory/ntap-20210521-0007/","https://ubuntu.com/security/notices/USN-4898-1","https://ubuntu.com/security/notices/USN-4903-1"],"PublishedDate":"2021-04-01T18:15:00Z","LastModifiedDate":"2021-07-20T23:15:00Z"},{"VulnerabilityID":"CVE-2021-22922","PkgName":"curl","InstalledVersion":"7.61.1-18.el8","FixedVersion":"7.61.1-18.el8_4.1","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22922","Title":"curl: Content not matching hash in Metalink is not being discarded","Description":"When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of 
different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.","Severity":"MEDIUM","CweIDs":["CWE-354"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","V2Score":4.3e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","V3Score":6.5e0}},"References":["https://curl.se/docs/CVE-2021-22922.html","https://hackerone.com/reports/1213175","https://linux.oracle.com/cve/CVE-2021-22922.html","https://linux.oracle.com/errata/ELSA-2021-3582.html","https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","https://security.netapp.com/advisory/ntap-20210902-0003/"],"PublishedDate":"2021-08-05T21:15:00Z","LastModifiedDate":"2021-09-21T19:09:00Z"},{"VulnerabilityID":"CVE-2021-22923","PkgName":"curl","InstalledVersion":"7.61.1-18.el8","FixedVersion":"7.61.1-18.el8_4.1","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22923","Title":"curl: Metalink download sends credentials","Description":"When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.","Severity":"MEDIUM","CweIDs":["CWE-522"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","V2Score":2.6e0,"V3Score":5.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","V3Score":5.7e0}},"References":["https://curl.se/docs/CVE-2021-22923.html","https://hackerone.com/reports/1213181","https://linux.oracle.com/cve/CVE-2021-22923.html","https://linux.oracle.com/errata/ELSA-2021-3582.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","https://security.netapp.com/advisory/ntap-20210902-0003/"],"PublishedDate":"2021-08-05T21:15:00Z","LastModifiedDate":"2021-09-21T19:09:00Z"},{"VulnerabilityID":"CVE-2021-22924","PkgName":"curl","InstalledVersion":"7.61.1-18.el8","FixedVersion":"7.61.1-18.el8_4.1","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22924","Title":"curl: Bad 
connection reuse due to flawed path name checks","Description":"libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.","Severity":"MEDIUM","CweIDs":["CWE-706"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","V2Score":4.3e0,"V3Score":3.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","V3Score":3.7e0}},"References":["https://curl.se/docs/CVE-2021-22924.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924","https://hackerone.com/reports/1223565","https://linux.oracle.com/cve/CVE-2021-22924.html","https://linux.oracle.com/errata/ELSA-2021-3582.html","https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","https://security.netapp.com/advisory/ntap-20210902-0003/","https://ubuntu.com/security/notices/USN-5021-1"],"PublishedDate":"2021-08-05T21:15:00Z","LastModifiedDate":"2021-09-07T15:16:00Z"},{"VulnerabilityID":"CVE-2021-22946","PkgName":"curl","InstalledVersion":"7.61.1-18.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22946","Title":"curl: protocol downgrade required TLS bypassed","Description":"A flaw was found in curl. This flaw lies in the --ssl-reqd option or related settings in libcurl. Users specify this flag to upgrade to TLS when communicating with either IMAP, POP3 or a FTP server. An attacker controlling such servers could return a crafted response which could lead to curl client continue its operation without TLS encryption leading to data being transmitted in clear text over the network. The highest threat from this vulnerability is to data confidentiality.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N","V3Score":6.1e0}},"References":["https://curl.se/docs/CVE-2021-22946.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946","https://ubuntu.com/security/notices/USN-5079-1","https://ubuntu.com/security/notices/USN-5079-2"]},{"VulnerabilityID":"CVE-2021-22947","PkgName":"curl","InstalledVersion":"7.61.1-18.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22947","Title":"curl: STARTTLS protocol injection via MITM","Description":"A flaw was found in curl. The flaw lies in how curl handles cached or pipelined responses that it receives from either a IMAP, POP3, SMTP or FTP server before the TLS upgrade using STARTTLS. 
In such a scenario curl even after upgrading to TLS would trust these cached responses treating them as valid and authenticated and use them. An attacker could potentially use this flaw to carry out a Man-In-The-Middle attack. The highest threat from this vulnerability is to data confidentiality.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N","V3Score":6.1e0}},"References":["https://curl.se/docs/CVE-2021-22947.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947","https://launchpad.net/bugs/1944120 (regression bug)","https://ubuntu.com/security/notices/USN-5079-1","https://ubuntu.com/security/notices/USN-5079-2","https://ubuntu.com/security/notices/USN-5079-3","https://ubuntu.com/security/notices/USN-5079-4"]},{"VulnerabilityID":"CVE-2021-22898","PkgName":"curl","InstalledVersion":"7.61.1-18.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22898","Title":"curl: TELNET stack contents disclosure","Description":"curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. 
Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.","Severity":"LOW","CweIDs":["CWE-909"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","V2Score":2.6e0,"V3Score":3.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","V3Score":3.1e0}},"References":["http://www.openwall.com/lists/oss-security/2021/07/21/4","https://curl.se/docs/CVE-2021-22898.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898","https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde","https://hackerone.com/reports/1176461","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","https://lists.fedoraproject.org/archives/list/[email protected]/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/","https://ubuntu.com/security/notices/USN-5021-1","https://www.oracle.com//security-alerts/cpujul2021.html"],"PublishedDate":"2021-06-11T16:15:00Z","LastModifiedDate":"2021-09-20T12:17:00Z"},{"VulnerabilityID":"CVE-2021-22925","PkgName":"curl","InstalledVersion":"7.61.1-18.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22925","Title":"curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure","Description":"curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. 
This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.","Severity":"LOW","CweIDs":["CWE-908"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","V2Score":5,"V3Score":5.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","V3Score":3.1e0}},"References":["http://seclists.org/fulldisclosure/2021/Sep/39","http://seclists.org/fulldisclosure/2021/Sep/40","https://curl.se/docs/CVE-2021-22925.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22925","https://hackerone.com/reports/1223882","https://lists.fedoraproject.org/archives/list/[email protected]/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","https://security.netapp.com/advisory/ntap-20210902-0003/","https://support.apple.com/kb/HT212804","https://support.apple.com/kb/HT212805","https://ubuntu.com/security/notices/USN-5021-1"],"PublishedDate":"2021-08-05T21:15:00Z","LastModifiedDate":"2021-09-22T00:15:00Z"},{"VulnerabilityID":"CVE-2020-35512","PkgName":"dbus","InstalledVersion":"1:1.12.8-12.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-35512","Title":"dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour","Description":"A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors","Severity":"LOW","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","V2Score":7.2e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","V3Score":7}},"References":["https://bugs.gentoo.org/755392","https://bugzilla.redhat.com/show_bug.cgi?id=1909101","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35512","https://gitlab.freedesktop.org/dbus/dbus/-/commit/2b7948ef907669e844b52c4fa2268d6e3162a70c (dbus-1.13.18)","https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32)","https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20)","https://gitlab.freedesktop.org/dbus/dbus/-/issues/305","https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128","https://security-tracker.debian.org/tracker/CVE-2020-35512"],"PublishedDate":"2021-02-15T17:15:00Z","LastModifiedDate":"2021-03-08T21:15:00Z"},{"VulnerabilityID":"CVE-2020-35512","PkgName":"dbus-common","InstalledVersion":"1:1.12.8-12.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-35512","Title":"dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour","Description":"A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors","Severity":"LOW","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","V2Score":7.2e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","V3Score":7}},"References":["https://bugs.gentoo.org/755392","https://bugzilla.redhat.com/show_bug.cgi?id=1909101","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35512","https://gitlab.freedesktop.org/dbus/dbus/-/commit/2b7948ef907669e844b52c4fa2268d6e3162a70c (dbus-1.13.18)","https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32)","https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20)","https://gitlab.freedesktop.org/dbus/dbus/-/issues/305","https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128","https://security-tracker.debian.org/tracker/CVE-2020-35512"],"PublishedDate":"2021-02-15T17:15:00Z","LastModifiedDate":"2021-03-08T21:15:00Z"},{"VulnerabilityID":"CVE-2020-35512","PkgName":"dbus-daemon","InstalledVersion":"1:1.12.8-12.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-35512","Title":"dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour","Description":"A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors","Severity":"LOW","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","V2Score":7.2e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","V3Score":7}},"References":["https://bugs.gentoo.org/755392","https://bugzilla.redhat.com/show_bug.cgi?id=1909101","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35512","https://gitlab.freedesktop.org/dbus/dbus/-/commit/2b7948ef907669e844b52c4fa2268d6e3162a70c (dbus-1.13.18)","https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32)","https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20)","https://gitlab.freedesktop.org/dbus/dbus/-/issues/305","https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128","https://security-tracker.debian.org/tracker/CVE-2020-35512"],"PublishedDate":"2021-02-15T17:15:00Z","LastModifiedDate":"2021-03-08T21:15:00Z"},{"VulnerabilityID":"CVE-2020-35512","PkgName":"dbus-libs","InstalledVersion":"1:1.12.8-12.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-35512","Title":"dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour","Description":"A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors","Severity":"LOW","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","V2Score":7.2e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","V3Score":7}},"References":["https://bugs.gentoo.org/755392","https://bugzilla.redhat.com/show_bug.cgi?id=1909101","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35512","https://gitlab.freedesktop.org/dbus/dbus/-/commit/2b7948ef907669e844b52c4fa2268d6e3162a70c (dbus-1.13.18)","https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32)","https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20)","https://gitlab.freedesktop.org/dbus/dbus/-/issues/305","https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128","https://security-tracker.debian.org/tracker/CVE-2020-35512"],"PublishedDate":"2021-02-15T17:15:00Z","LastModifiedDate":"2021-03-08T21:15:00Z"},{"VulnerabilityID":"CVE-2020-35512","PkgName":"dbus-tools","InstalledVersion":"1:1.12.8-12.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-35512","Title":"dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour","Description":"A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors","Severity":"LOW","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","V2Score":7.2e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","V3Score":7}},"References":["https://bugs.gentoo.org/755392","https://bugzilla.redhat.com/show_bug.cgi?id=1909101","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35512","https://gitlab.freedesktop.org/dbus/dbus/-/commit/2b7948ef907669e844b52c4fa2268d6e3162a70c (dbus-1.13.18)","https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32)","https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20)","https://gitlab.freedesktop.org/dbus/dbus/-/issues/305","https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128","https://security-tracker.debian.org/tracker/CVE-2020-35512"],"PublishedDate":"2021-02-15T17:15:00Z","LastModifiedDate":"2021-03-08T21:15:00Z"},{"VulnerabilityID":"CVE-2019-18218","PkgName":"file-libs","InstalledVersion":"5.33-16.el8_3.1","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-18218","Title":"file: heap-based buffer overflow in cdf_read_property_info in cdf.c","Description":"cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds 
write).","Severity":"MEDIUM","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":7.5e0,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V3Score":9.8e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218","https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84","https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/","https://security.gentoo.org/glsa/202003-24","https://security.netapp.com/advisory/ntap-20200115-0001/","https://ubuntu.com/security/notices/USN-4172-1","https://ubuntu.com/security/notices/USN-4172-2","https://usn.ubuntu.com/4172-1/","https://usn.ubuntu.com/4172-2/","https://www.debian.org/security/2019/dsa-4550"],"PublishedDate":"2019-10-21T05:15:00Z","LastModifiedDate":"2021-09-14T12:09:00Z"},{"VulnerabilityID":"CVE-2019-8905","PkgName":"file-libs","InstalledVersion":"5.33-16.el8_3.1","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-8905","Title":"file: stack-based buffer over-read in do_core_note in readelf.c","Description":"do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than 
CVE-2018-10360.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":8.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","V3Score":5.4e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html","http://www.securityfocus.com/bid/107137","https://bugs.astron.com/view.php?id=63","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8905","https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html","https://ubuntu.com/security/notices/USN-3911-1","https://usn.ubuntu.com/3911-1/"],"PublishedDate":"2019-02-18T17:29:00Z","LastModifiedDate":"2019-04-12T12:29:00Z"},{"VulnerabilityID":"CVE-2019-8906","PkgName":"file-libs","InstalledVersion":"5.33-16.el8_3.1","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-8906","Title":"file: out-of-bounds read in do_core_note in readelf.c","Description":"do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is 
misused.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":8.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","V3Score":5.4e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html","https://bugs.astron.com/view.php?id=64","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906","https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f","https://support.apple.com/kb/HT209599","https://support.apple.com/kb/HT209600","https://support.apple.com/kb/HT209601","https://support.apple.com/kb/HT209602","https://ubuntu.com/security/notices/USN-3911-1","https://usn.ubuntu.com/3911-1/"],"PublishedDate":"2019-02-18T17:29:00Z","LastModifiedDate":"2019-04-16T16:01:00Z"},{"VulnerabilityID":"CVE-2021-27219","PkgName":"glib2","InstalledVersion":"2.56.4-9.el8","FixedVersion":"2.56.4-10.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-27219","Title":"glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits","Description":"An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. 
The overflow could potentially lead to memory corruption.","Severity":"HIGH","CweIDs":["CWE-681"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V3Score":9.8e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27219","https://gitlab.gnome.org/GNOME/glib/-/issues/2319","https://linux.oracle.com/cve/CVE-2021-27219.html","https://linux.oracle.com/errata/ELSA-2021-9318.html","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","https://lists.fedoraproject.org/archives/list/[email protected]/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/","https://security.netapp.com/advisory/ntap-20210319-0004/","https://ubuntu.com/security/notices/USN-4759-1"],"PublishedDate":"2021-02-15T17:15:00Z","LastModifiedDate":"2021-07-07T10:15:00Z"},{"VulnerabilityID":"CVE-2021-27218","PkgName":"glib2","InstalledVersion":"2.56.4-9.el8","FixedVersion":"2.56.4-10.el8_4.1","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-27218","Title":"glib: integer overflow in g_byte_array_new_take function when called with a buffer of 4GB or more on a 64-bit platform","Description":"An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. 
If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.","Severity":"MEDIUM","CweIDs":["CWE-681"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27218","https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942","https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944","https://linux.oracle.com/cve/CVE-2021-27218.html","https://linux.oracle.com/errata/ELSA-2021-3058.html","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","https://lists.fedoraproject.org/archives/list/[email protected]/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/","https://security.gentoo.org/glsa/202107-13","https://security.netapp.com/advisory/ntap-20210319-0004/","https://ubuntu.com/security/notices/USN-4759-1"],"PublishedDate":"2021-02-15T17:15:00Z","LastModifiedDate":"2021-09-14T16:38:00Z"},{"VulnerabilityID":"CVE-2018-16428","PkgName":"glib2","InstalledVersion":"2.56.4-9.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-16428","Title":"glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c","Description":"In GNOME GLib 2.56.1, 
g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":7.5e0,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V3Score":9.8e0}},"References":["http://www.openwall.com/lists/oss-security/2020/02/14/3","http://www.securityfocus.com/bid/105210","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16428","https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9","https://gitlab.gnome.org/GNOME/glib/issues/1364","https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html","https://ubuntu.com/security/notices/USN-3767-1","https://ubuntu.com/security/notices/USN-3767-2","https://usn.ubuntu.com/3767-1/","https://usn.ubuntu.com/3767-2/"],"PublishedDate":"2018-09-04T00:29:00Z","LastModifiedDate":"2019-07-31T21:15:00Z"},{"VulnerabilityID":"CVE-2018-16429","PkgName":"glib2","InstalledVersion":"2.56.4-9.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-16429","Title":"glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c","Description":"GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to 
utf8_str().","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429","https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b","https://gitlab.gnome.org/GNOME/glib/issues/1361","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html","https://ubuntu.com/security/notices/USN-3767-1","https://ubuntu.com/security/notices/USN-3767-2","https://usn.ubuntu.com/3767-1/","https://usn.ubuntu.com/3767-2/"],"PublishedDate":"2018-09-04T00:29:00Z","LastModifiedDate":"2021-06-29T15:15:00Z"},{"VulnerabilityID":"CVE-2021-28153","PkgName":"glib2","InstalledVersion":"2.56.4-9.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-28153","Title":"glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink","Description":"An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. 
(If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)","Severity":"LOW","CweIDs":["CWE-59"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","V2Score":5,"V3Score":5.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","V3Score":5.3e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28153","https://gitlab.gnome.org/GNOME/glib/-/issues/2325","https://lists.fedoraproject.org/archives/list/[email protected]/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/","https://security.netapp.com/advisory/ntap-20210416-0003/","https://ubuntu.com/security/notices/USN-4764-1"],"PublishedDate":"2021-03-11T22:15:00Z","LastModifiedDate":"2021-07-07T10:15:00Z"},{"VulnerabilityID":"CVE-2021-35942","PkgName":"glibc","InstalledVersion":"2.28-151.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35942","Title":"glibc: Arbitrary read in wordexp()","Description":"The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. 
This occurs because atoi was used but strtoul should have been used to ensure correct calculations.","Severity":"MEDIUM","CweIDs":["CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","V2Score":6.4e0,"V3Score":9.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","V3Score":9.1e0}},"References":["https://security.netapp.com/advisory/ntap-20210827-0005/","https://sourceware.org/bugzilla/show_bug.cgi?id=28011","https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c","https://sourceware.org/glibc/wiki/Security%20Exceptions"],"PublishedDate":"2021-07-22T18:15:00Z","LastModifiedDate":"2021-09-21T18:16:00Z"},{"VulnerabilityID":"CVE-2021-27645","PkgName":"glibc","InstalledVersion":"2.28-151.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-27645","Title":"glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c","Description":"The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. 
This is related to netgroupcache.c.","Severity":"LOW","CweIDs":["CWE-415"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","V2Score":1.9e0,"V3Score":2.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":2.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645","https://lists.fedoraproject.org/archives/list/[email protected]/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/","https://sourceware.org/bugzilla/show_bug.cgi?id=27462"],"PublishedDate":"2021-02-24T15:15:00Z","LastModifiedDate":"2021-07-06T06:15:00Z"},{"VulnerabilityID":"CVE-2021-33574","PkgName":"glibc","InstalledVersion":"2.28-151.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-33574","Title":"glibc: mq_notify does not handle separately allocated thread attributes","Description":"The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. 
It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.","Severity":"LOW","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":7.5e0,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":5.9e0}},"References":["https://lists.fedoraproject.org/archives/list/[email protected]/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/","https://security.gentoo.org/glsa/202107-07","https://security.netapp.com/advisory/ntap-20210629-0005/","https://sourceware.org/bugzilla/show_bug.cgi?id=27896","https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1"],"PublishedDate":"2021-05-25T22:15:00Z","LastModifiedDate":"2021-07-07T03:15:00Z"},{"VulnerabilityID":"CVE-2021-35942","PkgName":"glibc-common","InstalledVersion":"2.28-151.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35942","Title":"glibc: Arbitrary read in wordexp()","Description":"The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. 
This occurs because atoi was used but strtoul should have been used to ensure correct calculations.","Severity":"MEDIUM","CweIDs":["CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","V2Score":6.4e0,"V3Score":9.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","V3Score":9.1e0}},"References":["https://security.netapp.com/advisory/ntap-20210827-0005/","https://sourceware.org/bugzilla/show_bug.cgi?id=28011","https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c","https://sourceware.org/glibc/wiki/Security%20Exceptions"],"PublishedDate":"2021-07-22T18:15:00Z","LastModifiedDate":"2021-09-21T18:16:00Z"},{"VulnerabilityID":"CVE-2021-27645","PkgName":"glibc-common","InstalledVersion":"2.28-151.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-27645","Title":"glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c","Description":"The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. 
This is related to netgroupcache.c.","Severity":"LOW","CweIDs":["CWE-415"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","V2Score":1.9e0,"V3Score":2.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":2.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645","https://lists.fedoraproject.org/archives/list/[email protected]/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/","https://sourceware.org/bugzilla/show_bug.cgi?id=27462"],"PublishedDate":"2021-02-24T15:15:00Z","LastModifiedDate":"2021-07-06T06:15:00Z"},{"VulnerabilityID":"CVE-2021-33574","PkgName":"glibc-common","InstalledVersion":"2.28-151.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-33574","Title":"glibc: mq_notify does not handle separately allocated thread attributes","Description":"The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. 
It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.","Severity":"LOW","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":7.5e0,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":5.9e0}},"References":["https://lists.fedoraproject.org/archives/list/[email protected]/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/","https://security.gentoo.org/glsa/202107-07","https://security.netapp.com/advisory/ntap-20210629-0005/","https://sourceware.org/bugzilla/show_bug.cgi?id=27896","https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1"],"PublishedDate":"2021-05-25T22:15:00Z","LastModifiedDate":"2021-07-07T03:15:00Z"},{"VulnerabilityID":"CVE-2021-35942","PkgName":"glibc-minimal-langpack","InstalledVersion":"2.28-151.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35942","Title":"glibc: Arbitrary read in wordexp()","Description":"The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. 
This occurs because atoi was used but strtoul should have been used to ensure correct calculations.","Severity":"MEDIUM","CweIDs":["CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","V2Score":6.4e0,"V3Score":9.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","V3Score":9.1e0}},"References":["https://security.netapp.com/advisory/ntap-20210827-0005/","https://sourceware.org/bugzilla/show_bug.cgi?id=28011","https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c","https://sourceware.org/glibc/wiki/Security%20Exceptions"],"PublishedDate":"2021-07-22T18:15:00Z","LastModifiedDate":"2021-09-21T18:16:00Z"},{"VulnerabilityID":"CVE-2021-27645","PkgName":"glibc-minimal-langpack","InstalledVersion":"2.28-151.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-27645","Title":"glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c","Description":"The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. 
This is related to netgroupcache.c.","Severity":"LOW","CweIDs":["CWE-415"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","V2Score":1.9e0,"V3Score":2.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":2.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645","https://lists.fedoraproject.org/archives/list/[email protected]/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/","https://sourceware.org/bugzilla/show_bug.cgi?id=27462"],"PublishedDate":"2021-02-24T15:15:00Z","LastModifiedDate":"2021-07-06T06:15:00Z"},{"VulnerabilityID":"CVE-2021-33574","PkgName":"glibc-minimal-langpack","InstalledVersion":"2.28-151.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-33574","Title":"glibc: mq_notify does not handle separately allocated thread attributes","Description":"The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. 
It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.","Severity":"LOW","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":7.5e0,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":5.9e0}},"References":["https://lists.fedoraproject.org/archives/list/[email protected]/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/","https://security.gentoo.org/glsa/202107-07","https://security.netapp.com/advisory/ntap-20210629-0005/","https://sourceware.org/bugzilla/show_bug.cgi?id=27896","https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1"],"PublishedDate":"2021-05-25T22:15:00Z","LastModifiedDate":"2021-07-07T03:15:00Z"},{"VulnerabilityID":"CVE-2021-20305","PkgName":"gnutls","InstalledVersion":"3.6.14-7.el8_3","FixedVersion":"3.6.14-8.el8_3","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20305","Title":"nettle: Out of bounds memory access in signature verification","Description":"A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. 
The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.","Severity":"HIGH","CweIDs":["CWE-327"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":8.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","V3Score":8.1e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1942533","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305","https://linux.oracle.com/cve/CVE-2021-20305.html","https://linux.oracle.com/errata/ELSA-2021-1206.html","https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/","https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html","https://security.gentoo.org/glsa/202105-31","https://ubuntu.com/security/notices/USN-4906-1","https://www.debian.org/security/2021/dsa-4933"],"PublishedDate":"2021-04-05T22:15:00Z","LastModifiedDate":"2021-09-18T17:15:00Z"},{"VulnerabilityID":"CVE-2021-20231","PkgName":"gnutls","InstalledVersion":"3.6.14-7.el8_3","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20231","Title":"gnutls: Use after free in client key_share extension","Description":"A flaw was found in gnutls. 
A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.","Severity":"MEDIUM","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":7.5e0,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","V3Score":3.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1922276","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20231","https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/","https://security.netapp.com/advisory/ntap-20210416-0005/","https://ubuntu.com/security/notices/USN-5029-1","https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10"],"PublishedDate":"2021-03-12T19:15:00Z","LastModifiedDate":"2021-06-01T14:07:00Z"},{"VulnerabilityID":"CVE-2021-20232","PkgName":"gnutls","InstalledVersion":"3.6.14-7.el8_3","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20232","Title":"gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c","Description":"A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.","Severity":"MEDIUM","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":7.5e0,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","V3Score":3.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1922275","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20232","https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.
org%3E","https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E","https://lists.fedoraproject.org/archives/list/[email protected]/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/","https://security.netapp.com/advisory/ntap-20210416-0005/","https://ubuntu.com/security/notices/USN-5029-1","https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10"],"PublishedDate":"2021-03-12T19:15:00Z","LastModifiedDate":"2021-05-17T14:30:00Z"},{"VulnerabilityID":"CVE-2020-12762","PkgName":"json-c","InstalledVersion":"0.13.1-0.4.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-12762","Title":"json-c: integer overflow and out-of-bounds write via a large JSON file","Description":"json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.","Severity":"MEDIUM","CweIDs":["CWE-787","CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V3Score":7.8e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12762","https://github.com/json-c/json-c/pull/592","https://github.com/rsyslog/libfastjson/issues/161","https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/CBR36IXYBHITAZFB5PFBJTED22WO5ONB/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/","https://lists.fedoraproject.org/archives/list/[email protected]/message/W226TSCJBEOXDUFVKNWNH7ETG7AR6MCS/","https://security.gentoo.org/glsa/202006-13","https://security.netapp.com/advisory/ntap-20210521-0001/","https://ubuntu.com/security/notices/USN-4360-1","https://ubuntu.com/security/notices/USN-4360-4","https://usn.ubuntu.com/4360-1/","https://usn.ubuntu.com/4360-4/","https://www.debian.org/security/2020/dsa-4741"],"PublishedDate":"2020-05-09T18:15:00Z","LastModifiedDate":"2021-05-21T09:15:00Z"},{"VulnerabilityID":"CVE-2021-20269","PkgName":"kexec-tools","InstalledVersion":"2.0.20-46.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20269","Title":"kernel: incorrect permissions on kdump dmesg file","Description":"A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality.","Severity":"LOW","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","V3Score":4.7e0}}},{"VulnerabilityID":"CVE-2021-36222","PkgName":"krb5-libs","InstalledVersion":"1.18.2-8.el8","FixedVersion":"1.18.2-8.3.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-36222","Title":"krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS","Description":"ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. 
This occurs because a return value is not properly managed in a certain situation.","Severity":"MEDIUM","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222","https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562","https://github.com/krb5/krb5/releases","https://linux.oracle.com/cve/CVE-2021-36222.html","https://linux.oracle.com/errata/ELSA-2021-3576.html","https://web.mit.edu/kerberos/advisories/","https://www.debian.org/security/2021/dsa-4944"],"PublishedDate":"2021-07-22T18:15:00Z","LastModifiedDate":"2021-08-02T19:14:00Z"},{"VulnerabilityID":"CVE-2021-37750","PkgName":"krb5-libs","InstalledVersion":"1.18.2-8.el8","FixedVersion":"1.18.2-8.3.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-37750","Title":"krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field","Description":"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server 
field.","Severity":"MEDIUM","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49","https://github.com/krb5/krb5/releases","https://linux.oracle.com/cve/CVE-2021-37750.html","https://linux.oracle.com/errata/ELSA-2021-3576.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/","https://security.netapp.com/advisory/ntap-20210923-0002/","https://web.mit.edu/kerberos/advisories/"],"PublishedDate":"2021-08-23T05:15:00Z","LastModifiedDate":"2021-09-23T13:15:00Z"},{"VulnerabilityID":"CVE-2020-21674","PkgName":"libarchive","InstalledVersion":"3.3.3-1.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-21674","Title":"libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c","Description":"Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. 
Users of the product's official releases are unaffected.","Severity":"MEDIUM","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://github.com/libarchive/libarchive/commit/4f085eea879e2be745f4d9bf57e8513ae48157f4","https://github.com/libarchive/libarchive/issues/1298"],"PublishedDate":"2020-10-15T15:15:00Z","LastModifiedDate":"2020-10-26T15:53:00Z"},{"VulnerabilityID":"CVE-2017-14166","PkgName":"libarchive","InstalledVersion":"3.3.3-1.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2017-14166","Title":"libarchive: Heap-based buffer over-read in the atol8 function","Description":"libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in 
archive_read_support_format_xar.c.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://www.openwall.com/lists/oss-security/2017/09/06/5","https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166","https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71","https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html","https://security.gentoo.org/glsa/201908-11","https://ubuntu.com/security/notices/USN-3736-1","https://usn.ubuntu.com/3736-1/","https://www.debian.org/security/2018/dsa-4360"],"PublishedDate":"2017-09-06T18:29:00Z","LastModifiedDate":"2019-08-15T18:15:00Z"},{"VulnerabilityID":"CVE-2017-14501","PkgName":"libarchive","InstalledVersion":"3.3.3-1.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2017-14501","Title":"libarchive: Out-of-bounds read in parse_file_info","Description":"An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to 
archive_read_format_iso9660_read_header.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["https://bugs.debian.org/875966","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501","https://github.com/libarchive/libarchive/issues/949","https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html","https://security.gentoo.org/glsa/201908-11","https://ubuntu.com/security/notices/USN-3736-1","https://usn.ubuntu.com/3736-1/","https://www.debian.org/security/2018/dsa-4360"],"PublishedDate":"2017-09-17T18:29:00Z","LastModifiedDate":"2018-12-28T16:29:00Z"},{"VulnerabilityID":"CVE-2018-1000879","PkgName":"libarchive","InstalledVersion":"3.3.3-1.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-1000879","Title":"libarchive: NULL pointer dereference in ACL parser resulting in a denial of service","Description":"libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. 
This attack appear to be exploitable via the victim must open a specially crafted archive file.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html","http://www.securityfocus.com/bid/106324","https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909","https://github.com/libarchive/libarchive/pull/1105","https://github.com/libarchive/libarchive/pull/1105/commits/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175","https://lists.fedoraproject.org/archives/list/[email protected]/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/","https://lists.fedoraproject.org/archives/list/[email protected]/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/"],"PublishedDate":"2018-12-20T17:29:00Z","LastModifiedDate":"2019-11-06T15:43:00Z"},{"VulnerabilityID":"CVE-2018-1000880","PkgName":"libarchive","InstalledVersion":"3.3.3-1.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-1000880","Title":"libarchive: Improper input validation in WARC parser resulting in a denial of service","Description":"libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. 
This attack appear to be exploitable via the victim must open a specially crafted WARC file.","Severity":"LOW","CweIDs":["CWE-119"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html","http://www.securityfocus.com/bid/106324","https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880","https://github.com/libarchive/libarchive/pull/1105","https://github.com/libarchive/libarchive/pull/1105/commits/9c84b7426660c09c18cc349f6d70b5f8168b5680","https://lists.fedoraproject.org/archives/list/[email protected]/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/","https://lists.fedoraproject.org/archives/list/[email protected]/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/","https://ubuntu.com/security/notices/USN-3859-1","https://usn.ubuntu.com/3859-1/","https://www.debian.org/security/2018/dsa-4360"],"PublishedDate":"2018-12-20T17:29:00Z","LastModifiedDate":"2020-08-24T17:37:00Z"},{"VulnerabilityID":"CVE-2021-22876","PkgName":"libcurl-minimal","InstalledVersion":"7.61.1-18.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22876","Title":"curl: Leak of authentication credentials in URL via automatic Referer","Description":"curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. 
libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.","Severity":"MEDIUM","CweIDs":["CWE-200"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","V2Score":5,"V3Score":5.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","V3Score":3.7e0}},"References":["https://curl.se/docs/CVE-2021-22876.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876","https://hackerone.com/reports/1101882","https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/","https://lists.fedoraproject.org/archives/list/[email protected]/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/","https://security.gentoo.org/glsa/202105-36","https://security.netapp.com/advisory/ntap-20210521-0007/","https://ubuntu.com/security/notices/USN-4898-1","https://ubuntu.com/security/notices/USN-4903-1"],"PublishedDate":"2021-04-01T18:15:00Z","LastModifiedDate":"2021-07-20T23:15:00Z"},{"VulnerabilityID":"CVE-2021-22922","PkgName":"libcurl-minimal","InstalledVersion":"7.61.1-18.el8","FixedVersion":"7.61.1-18.el8_4.1","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22922","Title":"curl: Content not matching hash in Metalink is not being discarded","Description":"When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set 
of different URLs, potentially hosted by different servers and the client can then download the file from one or several of them. In a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server is replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk.","Severity":"MEDIUM","CweIDs":["CWE-354"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","V2Score":4.3e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","V3Score":6.5e0}},"References":["https://curl.se/docs/CVE-2021-22922.html","https://hackerone.com/reports/1213175","https://linux.oracle.com/cve/CVE-2021-22922.html","https://linux.oracle.com/errata/ELSA-2021-3582.html","https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","https://security.netapp.com/advisory/ntap-20210902-0003/"],"PublishedDate":"2021-08-05T21:15:00Z","LastModifiedDate":"2021-09-21T19:09:00Z"},{"VulnerabilityID":"CVE-2021-22923","PkgName":"libcurl-minimal","InstalledVersion":"7.61.1-18.el8","FixedVersion":"7.61.1-18.el8_4.1","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22923","Title":"curl: Metalink download sends credentials","Description":"When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.","Severity":"MEDIUM","CweIDs":["CWE-522"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","V2Score":2.6e0,"V3Score":5.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","V3Score":5.7e0}},"References":["https://curl.se/docs/CVE-2021-22923.html","https://hackerone.com/reports/1213181","https://linux.oracle.com/cve/CVE-2021-22923.html","https://linux.oracle.com/errata/ELSA-2021-3582.html","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","https://security.netapp.com/advisory/ntap-20210902-0003/"],"PublishedDate":"2021-08-05T21:15:00Z","LastModifiedDate":"2021-09-21T19:09:00Z"},{"VulnerabilityID":"CVE-2021-22924","PkgName":"libcurl-minimal","InstalledVersion":"7.61.1-18.el8","FixedVersion":"7.61.1-18.el8_4.1","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22924","Title":"curl: Bad connection reuse due to flawed path name checks","Description":"libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server 
certificate.","Severity":"MEDIUM","CweIDs":["CWE-706"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","V2Score":4.3e0,"V3Score":3.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","V3Score":3.7e0}},"References":["https://curl.se/docs/CVE-2021-22924.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924","https://hackerone.com/reports/1223565","https://linux.oracle.com/cve/CVE-2021-22924.html","https://linux.oracle.com/errata/ELSA-2021-3582.html","https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E","https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E","https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","https://security.netapp.com/advisory/ntap-20210902-0003/","https://ubuntu.com/security/notices/USN-5021-1"],"PublishedDate":"2021-08-05T21:15:00Z","LastModifiedDate":"2021-09-07T15:16:00Z"},{"VulnerabilityID":"CVE-2021-22946","PkgName":"libcurl-minimal","InstalledVersion":"7.61.1-18.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22946","Title":"curl: protocol downgrade required TLS bypassed","Description":"A flaw was found in curl. This flaw lies in the --ssl-reqd option or related settings in libcurl. Users specify this flag to upgrade to TLS when communicating with either IMAP, POP3 or a FTP server. 
An attacker controlling such servers could return a crafted response which could lead to curl client continue its operation without TLS encryption leading to data being transmitted in clear text over the network. The highest threat from this vulnerability is to data confidentiality.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N","V3Score":6.1e0}},"References":["https://curl.se/docs/CVE-2021-22946.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946","https://ubuntu.com/security/notices/USN-5079-1","https://ubuntu.com/security/notices/USN-5079-2"]},{"VulnerabilityID":"CVE-2021-22947","PkgName":"libcurl-minimal","InstalledVersion":"7.61.1-18.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22947","Title":"curl: STARTTLS protocol injection via MITM","Description":"A flaw was found in curl. The flaw lies in how curl handles cached or pipelined responses that it receives from either a IMAP, POP3, SMTP or FTP server before the TLS upgrade using STARTTLS. In such a scenario curl even after upgrading to TLS would trust these cached responses treating them as valid and authenticated and use them. An attacker could potentially use this flaw to carry out a Man-In-The-Middle attack. 
The highest threat from this vulnerability is to data confidentiality.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N","V3Score":6.1e0}},"References":["https://curl.se/docs/CVE-2021-22947.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947","https://launchpad.net/bugs/1944120 (regression bug)","https://ubuntu.com/security/notices/USN-5079-1","https://ubuntu.com/security/notices/USN-5079-2","https://ubuntu.com/security/notices/USN-5079-3","https://ubuntu.com/security/notices/USN-5079-4"]},{"VulnerabilityID":"CVE-2021-22898","PkgName":"libcurl-minimal","InstalledVersion":"7.61.1-18.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22898","Title":"curl: TELNET stack contents disclosure","Description":"curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. 
Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.","Severity":"LOW","CweIDs":["CWE-909"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","V2Score":2.6e0,"V3Score":3.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","V3Score":3.1e0}},"References":["http://www.openwall.com/lists/oss-security/2021/07/21/4","https://curl.se/docs/CVE-2021-22898.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898","https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde","https://hackerone.com/reports/1176461","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","https://lists.fedoraproject.org/archives/list/[email protected]/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/","https://ubuntu.com/security/notices/USN-5021-1","https://www.oracle.com//security-alerts/cpujul2021.html"],"PublishedDate":"2021-06-11T16:15:00Z","LastModifiedDate":"2021-09-20T12:17:00Z"},{"VulnerabilityID":"CVE-2021-22925","PkgName":"libcurl-minimal","InstalledVersion":"7.61.1-18.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-22925","Title":"curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure","Description":"curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. 
This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.","Severity":"LOW","CweIDs":["CWE-908"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","V2Score":5,"V3Score":5.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","V3Score":3.1e0}},"References":["http://seclists.org/fulldisclosure/2021/Sep/39","http://seclists.org/fulldisclosure/2021/Sep/40","https://curl.se/docs/CVE-2021-22925.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22925","https://hackerone.com/reports/1223882","https://lists.fedoraproject.org/archives/list/[email protected]/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","https://security.netapp.com/advisory/ntap-20210902-0003/","https://support.apple.com/kb/HT212804","https://support.apple.com/kb/HT212805","https://ubuntu.com/security/notices/USN-5021-1"],"PublishedDate":"2021-08-05T21:15:00Z","LastModifiedDate":"2021-09-22T00:15:00Z"},{"VulnerabilityID":"CVE-2021-3445","PkgName":"libdnf","InstalledVersion":"0.55.0-7.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3445","Title":"libdnf: libdnf does its own signature verification, but this can be tricked by placing a signature in the main header","Description":"A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. 
This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.","Severity":"MEDIUM","CweIDs":["CWE-347"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:H/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":5.1e0,"V3Score":8.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.4e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1932079","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3445","https://lists.fedoraproject.org/archives/list/[email protected]/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF/"],"PublishedDate":"2021-05-19T14:15:00Z","LastModifiedDate":"2021-06-02T14:58:00Z"},{"VulnerabilityID":"CVE-2018-20673","PkgName":"libgcc","InstalledVersion":"8.4.1-1.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20673","Title":"libiberty: Integer overflow in demangle_template() function","Description":"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by 
nm.","Severity":"MEDIUM","CweIDs":["CWE-787","CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","V3Score":5.3e0}},"References":["http://www.securityfocus.com/bid/106454","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20673","https://sourceware.org/bugzilla/show_bug.cgi?id=24039"],"PublishedDate":"2019-01-04T18:29:00Z","LastModifiedDate":"2020-08-24T17:37:00Z"},{"VulnerabilityID":"CVE-2018-20657","PkgName":"libgcc","InstalledVersion":"8.4.1-1.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20657","Title":"libiberty: Memory leak in demangle_template function resulting in a denial of service","Description":"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to 
CVE-2018-12698.","Severity":"LOW","CweIDs":["CWE-772"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://www.securityfocus.com/bid/106444","https://access.redhat.com/errata/RHSA-2019:3352","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20657","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539","https://linux.oracle.com/cve/CVE-2018-20657.html","https://linux.oracle.com/errata/ELSA-2019-3352.html","https://support.f5.com/csp/article/K62602089"],"PublishedDate":"2019-01-02T14:29:00Z","LastModifiedDate":"2019-11-06T01:15:00Z"},{"VulnerabilityID":"CVE-2019-14250","PkgName":"libgcc","InstalledVersion":"8.4.1-1.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-14250","Title":"binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow","Description":"An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.","Severity":"LOW","CweIDs":["CWE-787","CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html","http://www.securityfocus.com/bid/109354","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14250","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924","https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html","https://security.gentoo.org/glsa/202007-39","https://security.netapp.com/advisory/ntap-20190822-0002/","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2019-07-24T04:15:00Z","LastModifiedDate":"2020-11-02T21:15:00Z"},{"VulnerabilityID":"CVE-2019-12904","PkgName":"libgcrypt","InstalledVersion":"1.8.5-4.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-12904","Title":"Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack","Description":"** DISPUTED ** In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because 
physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack.","Severity":"MEDIUM","CweIDs":["CWE-310"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","V2Score":4.3e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","V3Score":5.9e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html","https://dev.gnupg.org/T4541","https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020","https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html"],"PublishedDate":"2019-06-20T00:15:00Z","LastModifiedDate":"2021-07-21T11:39:00Z"},{"VulnerabilityID":"CVE-2021-33560","PkgName":"libgcrypt","InstalledVersion":"1.8.5-4.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-33560","Title":"libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm","Description":"Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. 
This, for example, affects use of ElGamal in OpenPGP.","Severity":"MEDIUM","CweIDs":["CWE-203"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","V3Score":7.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560","https://dev.gnupg.org/T5305","https://dev.gnupg.org/T5328","https://dev.gnupg.org/T5466","https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61","https://eprint.iacr.org/2021/923","https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/","https://lists.fedoraproject.org/archives/list/[email protected]/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/","https://ubuntu.com/security/notices/USN-5080-1","https://ubuntu.com/security/notices/USN-5080-2"],"PublishedDate":"2021-06-08T11:15:00Z","LastModifiedDate":"2021-09-13T19:47:00Z"},{"VulnerabilityID":"CVE-2021-36084","PkgName":"libsepol","InstalledVersion":"2.9-2.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-36084","Title":"libsepol: use-after-free in __cil_verify_classperms()","Description":"The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and 
__cil_pre_verify_helper).","Severity":"MEDIUM","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V2Score":2.1e0,"V3Score":3.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065","https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3","https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml"],"PublishedDate":"2021-07-01T03:15:00Z","LastModifiedDate":"2021-07-26T18:03:00Z"},{"VulnerabilityID":"CVE-2021-36085","PkgName":"libsepol","InstalledVersion":"2.9-2.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-36085","Title":"libsepol: use-after-free in __cil_verify_classperms()","Description":"The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and 
hashtab_map).","Severity":"MEDIUM","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V2Score":2.1e0,"V3Score":3.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124","https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba","https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml"],"PublishedDate":"2021-07-01T03:15:00Z","LastModifiedDate":"2021-07-26T18:03:00Z"},{"VulnerabilityID":"CVE-2021-36086","PkgName":"libsepol","InstalledVersion":"2.9-2.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-36086","Title":"libsepol: use-after-free in cil_reset_classpermission()","Description":"The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and 
cil_reset_classperms_list).","Severity":"MEDIUM","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V2Score":2.1e0,"V3Score":3.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177","https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8","https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml"],"PublishedDate":"2021-07-01T03:15:00Z","LastModifiedDate":"2021-07-26T17:42:00Z"},{"VulnerabilityID":"CVE-2021-36087","PkgName":"libsepol","InstalledVersion":"2.9-2.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-36087","Title":"libsepol: heap-based buffer overflow in ebitmap_match_any()","Description":"The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). 
This occurs because there is sometimes a lack of checks for invalid statements in an optional block.","Severity":"MEDIUM","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V2Score":2.1e0,"V3Score":3.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675","https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac","https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml"],"PublishedDate":"2021-07-01T03:15:00Z","LastModifiedDate":"2021-07-26T22:15:00Z"},{"VulnerabilityID":"CVE-2021-33928","PkgName":"libsolv","InstalledVersion":"0.7.16-2.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-33928","Title":"libsolv: heap-based buffer overflow in pool_installable() in src/repo.h","Description":"Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.","Severity":"MEDIUM","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33928","https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec 
(0.7.17)","https://github.com/openSUSE/libsolv/issues/417"],"PublishedDate":"2021-09-02T15:15:00Z","LastModifiedDate":"2021-09-07T21:14:00Z"},{"VulnerabilityID":"CVE-2021-33929","PkgName":"libsolv","InstalledVersion":"0.7.16-2.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-33929","Title":"libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h","Description":"Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.","Severity":"MEDIUM","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33929","https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)","https://github.com/openSUSE/libsolv/issues/417"],"PublishedDate":"2021-09-02T15:15:00Z","LastModifiedDate":"2021-09-07T21:14:00Z"},{"VulnerabilityID":"CVE-2021-33930","PkgName":"libsolv","InstalledVersion":"0.7.16-2.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-33930","Title":"libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h","Description":"Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of 
Service.","Severity":"MEDIUM","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33930","https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)","https://github.com/openSUSE/libsolv/issues/417"],"PublishedDate":"2021-09-02T15:15:00Z","LastModifiedDate":"2021-09-07T21:11:00Z"},{"VulnerabilityID":"CVE-2021-33938","PkgName":"libsolv","InstalledVersion":"0.7.16-2.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-33938","Title":"libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c","Description":"Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.","Severity":"MEDIUM","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33938","https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)","https://github.com/openSUSE/libsolv/issues/420"],"PublishedDate":"2021-09-02T15:15:00Z","LastModifiedDate":"2021-09-07T21:11:00Z"},{"VulnerabilityID":"CVE-2021-3200","PkgName":"libsolv","InstalledVersion":"0.7.16-2.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3200","Title":"libsolv: heap-based buffer overflow in 
testcase_read() in src/testcase.c","Description":"Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service","Severity":"LOW","CweIDs":["CWE-120"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V2Score":4.3e0,"V3Score":3.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["https://github.com/openSUSE/libsolv/issues/416","https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/PoC-testcase_read-2334"],"PublishedDate":"2021-05-18T17:15:00Z","LastModifiedDate":"2021-06-03T15:26:00Z"},{"VulnerabilityID":"CVE-2018-20673","PkgName":"libstdc++","InstalledVersion":"8.4.1-1.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20673","Title":"libiberty: Integer overflow in demangle_template() function","Description":"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by 
nm.","Severity":"MEDIUM","CweIDs":["CWE-787","CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","V3Score":5.3e0}},"References":["http://www.securityfocus.com/bid/106454","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20673","https://sourceware.org/bugzilla/show_bug.cgi?id=24039"],"PublishedDate":"2019-01-04T18:29:00Z","LastModifiedDate":"2020-08-24T17:37:00Z"},{"VulnerabilityID":"CVE-2018-20657","PkgName":"libstdc++","InstalledVersion":"8.4.1-1.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20657","Title":"libiberty: Memory leak in demangle_template function resulting in a denial of service","Description":"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to 
CVE-2018-12698.","Severity":"LOW","CweIDs":["CWE-772"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://www.securityfocus.com/bid/106444","https://access.redhat.com/errata/RHSA-2019:3352","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20657","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539","https://linux.oracle.com/cve/CVE-2018-20657.html","https://linux.oracle.com/errata/ELSA-2019-3352.html","https://support.f5.com/csp/article/K62602089"],"PublishedDate":"2019-01-02T14:29:00Z","LastModifiedDate":"2019-11-06T01:15:00Z"},{"VulnerabilityID":"CVE-2019-14250","PkgName":"libstdc++","InstalledVersion":"8.4.1-1.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-14250","Title":"binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow","Description":"An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.","Severity":"LOW","CweIDs":["CWE-787","CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html","http://www.securityfocus.com/bid/109354","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14250","https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924","https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html","https://security.gentoo.org/glsa/202007-39","https://security.netapp.com/advisory/ntap-20190822-0002/","https://ubuntu.com/security/notices/USN-4326-1","https://ubuntu.com/security/notices/USN-4336-1","https://ubuntu.com/security/notices/USN-4336-2","https://usn.ubuntu.com/4326-1/","https://usn.ubuntu.com/4336-1/"],"PublishedDate":"2019-07-24T04:15:00Z","LastModifiedDate":"2020-11-02T21:15:00Z"},{"VulnerabilityID":"CVE-2018-1000654","PkgName":"libtasn1","InstalledVersion":"4.13-3.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-1000654","Title":"libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion","Description":"GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the 
POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":7.1e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","V3Score":4}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html","http://www.securityfocus.com/bid/105151","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654","https://gitlab.com/gnutls/libtasn1/issues/4","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"],"PublishedDate":"2018-08-20T19:31:00Z","LastModifiedDate":"2021-02-25T17:15:00Z"},{"VulnerabilityID":"CVE-2021-3516","PkgName":"libxml2","InstalledVersion":"2.9.7-9.el8","FixedVersion":"2.9.7-9.el8_4.2","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3516","Title":"libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c","Description":"There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. 
The greatest impact of this flaw is to confidentiality, integrity, and availability.","Severity":"MEDIUM","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V3Score":7.8e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1954225","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516","https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539","https://gitlab.gnome.org/GNOME/libxml2/-/issues/230","https://linux.oracle.com/cve/CVE-2021-3516.html","https://linux.oracle.com/errata/ELSA-2021-2569.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/","https://lists.fedoraproject.org/archives/list/[email protected]/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/","https://security.gentoo.org/glsa/202107-05","https://security.netapp.com/advisory/ntap-20210716-0005/","https://ubuntu.com/security/notices/USN-4991-1"],"PublishedDate":"2021-06-01T14:15:00Z","LastModifiedDate":"2021-09-14T17:08:00Z"},{"VulnerabilityID":"CVE-2021-3517","PkgName":"libxml2","InstalledVersion":"2.9.7-9.el8","FixedVersion":"2.9.7-9.el8_4.2","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3517","Title":"libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c","Description":"There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. 
The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.","Severity":"MEDIUM","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","V2Score":7.5e0,"V3Score":8.6e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","V3Score":8.6e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1954232","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517","https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2","https://gitlab.gnome.org/GNOME/libxml2/-/issues/235","https://linux.oracle.com/cve/CVE-2021-3517.html","https://linux.oracle.com/errata/ELSA-2021-2569.html","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/","https://lists.fedoraproject.org/archives/list/[email protected]/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/","https://security.gentoo.org/glsa/202107-05","https://security.netapp.com/advisory/ntap-20210625-0002/","https://ubuntu.com/security/notices/USN-4991-1"],"PublishedDate":"2021-05-19T14:15:00Z","LastModifiedDate":"2021-09-13T19:49:00Z"},{"VulnerabilityID":"CVE-2021-3518","PkgName":"libxml2","InstalledVersion":"2.9.7-9.el8","FixedVersion":"2.9.7-9.el8_4.2","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3518","Title":"libxml2: Use-after-free in 
xmlXIncludeDoProcess() in xinclude.c","Description":"There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.","Severity":"MEDIUM","CweIDs":["CWE-416"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":8.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","V3Score":8.6e0}},"References":["http://seclists.org/fulldisclosure/2021/Jul/54","http://seclists.org/fulldisclosure/2021/Jul/55","http://seclists.org/fulldisclosure/2021/Jul/58","http://seclists.org/fulldisclosure/2021/Jul/59","https://bugzilla.redhat.com/show_bug.cgi?id=1954242","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518","https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7","https://gitlab.gnome.org/GNOME/libxml2/-/issues/237","https://linux.oracle.com/cve/CVE-2021-3518.html","https://linux.oracle.com/errata/ELSA-2021-2569.html","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/","https://security.gentoo.org/glsa/202107-05","https://security.netapp.com/advisory/ntap-20210625-0002/","https://support.apple.com/kb/HT212601","https://support.apple.com/kb/HT212602","https://support.apple.com/kb/HT212604","https://support.apple.com/kb/HT212605","https://ubuntu.com/security/notices/USN-4991-1"],"PublishedDate":"2021-05-18T12:15:00Z","LastModifiedDate":"2021-09-13T19:50:00Z"},{"VulnerabilityID":"CVE-2021-3537","PkgName":"libxml2","InstalledVersion":"2.9.7-9.el8","FixedVersion":"2.9.7-9.el8_4.2","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3537","Title":"libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode","Description":"A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. 
The highest threat from this vulnerability is to system availability.","Severity":"MEDIUM","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1956522","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537","https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61","https://gitlab.gnome.org/GNOME/libxml2/-/issues/243","https://gitlab.gnome.org/GNOME/libxml2/-/issues/244","https://gitlab.gnome.org/GNOME/libxml2/-/issues/245","https://linux.oracle.com/cve/CVE-2021-3537.html","https://linux.oracle.com/errata/ELSA-2021-2569.html","https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/","https://lists.fedoraproject.org/archives/list/[email protected]/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/","https://security.gentoo.org/glsa/202107-05","https://security.netapp.com/advisory/ntap-20210625-0002/","https://ubuntu.com/security/notices/USN-4991-1"],"PublishedDate":"2021-05-14T20:15:00Z","LastModifiedDate":"2021-09-13T19:09:00Z"},{"VulnerabilityID":"CVE-2021-3541","PkgName":"libxml2","InstalledVersion":"2.9.7-9.el8","FixedVersion":"2.9.7-9.el8_4.2","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3541","Title":"libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms","Description":"A flaw was found in libxml2. 
Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.","Severity":"MEDIUM","CweIDs":["CWE-776"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://blog.hartwork.org/posts/cve-2021-3541-parameter-laughs-fixed-in-libxml2-2-9-11/","https://bugzilla.redhat.com/show_bug.cgi?id=1950515","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541","https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e","https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently private)","https://linux.oracle.com/cve/CVE-2021-3541.html","https://linux.oracle.com/errata/ELSA-2021-2569.html","https://ubuntu.com/security/notices/USN-4991-1"],"PublishedDate":"2021-07-09T17:15:00Z","LastModifiedDate":"2021-08-05T12:15:00Z"},{"VulnerabilityID":"CVE-2021-24032","PkgName":"libzstd","InstalledVersion":"1.4.4-1.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-24032","Title":"zstd: Race condition allows attacker to access world-readable destination file","Description":"Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. 
Output files could therefore momentarily be readable or writable to unintended parties.","Severity":"LOW","CweIDs":["CWE-276"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:M/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","V2Score":1.9e0,"V3Score":4.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","V3Score":5.5e0}},"References":["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24032","https://github.com/facebook/zstd/issues/2491","https://ubuntu.com/security/notices/USN-4760-1","https://www.facebook.com/security/advisories/cve-2021-24032"],"PublishedDate":"2021-03-04T21:15:00Z","LastModifiedDate":"2021-04-28T20:04:00Z"},{"VulnerabilityID":"CVE-2020-24370","PkgName":"lua-libs","InstalledVersion":"5.3.4-11.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-24370","Title":"lua: segmentation fault in getlocal and setlocal functions in ldebug.c","Description":"ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).","Severity":"LOW","CweIDs":["CWE-191"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","V2Score":5,"V3Score":5.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","V3Score":5.3e0}},"References":["http://lua-users.org/lists/lua-l/2020-07/msg00324.html","https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b","https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/"],"PublishedDate":"2020-08-17T17:15:00Z","LastModifiedDate":"2020-09-26T16:15:00Z"},{"VulnerabilityID":"CVE-2019-17543","PkgName":"lz4-libs","InstalledVersion":"1.8.3-2.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-17543","Title":"lz4: heap-based buffer overflow in LZ4_write32","Description":"LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"","Severity":"MEDIUM","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":8.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","V3Score":8.1e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941","https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2","https://github.com/lz4/lz4/issues/801","https://github.com/lz4/lz4/pull/756","https://github.com/lz4/lz4/pull/760","https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E","https://lists.apache.org/thread.html/543302d55e2d2da4311994e9b0debdc676bf3fd05e1a2be3407aa2d6@%3Cissues.arrow.apache.org%3E","https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E","https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E","https://lists.apache.org/thread.html/
f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E","https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E","https://lists.apache.org/thread.html/r0fb226357e7988a241b06b93bab065bcea2eb38658b382e485960e26@%3Cissues.kudu.apache.org%3E","https://lists.apache.org/thread.html/r4068ba81066792f2b4d208b39c4c4713c5d4c79bd8cb6c1904af5720@%3Cissues.kudu.apache.org%3E","https://lists.apache.org/thread.html/r7bc72200f94298bc9a0e35637f388deb53467ca4b2e2ad1ff66d8960@%3Cissues.kudu.apache.org%3E","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"PublishedDate":"2019-10-14T02:15:00Z","LastModifiedDate":"2021-07-23T12:15:00Z"},{"VulnerabilityID":"CVE-2021-3520","PkgName":"lz4-libs","InstalledVersion":"1.8.3-2.el8","FixedVersion":"1.8.3-3.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3520","Title":"lz4: memory corruption due to an integer overflow bug caused by memmove argument","Description":"There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. 
The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.","Severity":"MEDIUM","CweIDs":["CWE-787","CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":7.5e0,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","V3Score":8.6e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1954559","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3520","https://github.com/lz4/lz4/pull/972","https://linux.oracle.com/cve/CVE-2021-3520.html","https://linux.oracle.com/errata/ELSA-2021-2575.html","https://ubuntu.com/security/notices/USN-4968-1","https://ubuntu.com/security/notices/USN-4968-2"],"PublishedDate":"2021-06-02T13:15:00Z","LastModifiedDate":"2021-07-20T23:15:00Z"},{"VulnerabilityID":"CVE-2020-14672","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14672","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14672","https://linux.oracle.com/cve/CVE-2020-14672.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14765","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14765","Title":"mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14765","https://linux.oracle.com/cve/CVE-2020-14765.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/","https://lists.fedoraproject.org/archives/list/[email protected]/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14769","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14769","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14769","https://linux.oracle.com/cve/CVE-2020-14769.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14773","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14773","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14773","https://linux.oracle.com/cve/CVE-2020-14773.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14775","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14775","Title":"mysql: InnoDB unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14775","https://linux.oracle.com/cve/CVE-2020-14775.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14776","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14776","Title":"mysql: InnoDB unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle 
MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14776","https://linux.oracle.com/cve/CVE-2020-14776.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/","https://lists.fedoraproject.org/archives/list/[email protected]/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14777","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14777","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14777","https://linux.oracle.com/cve/CVE-2020-14777.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14785","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14785","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14785","https://linux.oracle.com/cve/CVE-2020-14785.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-06-02T13:25:00Z"},{"VulnerabilityID":"CVE-2020-14786","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14786","Title":"mysql: Server: PS unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14786","https://linux.oracle.com/cve/CVE-2020-14786.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14789","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14789","Title":"mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of 
Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14789","https://linux.oracle.com/cve/CVE-2020-14789.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/","https://lists.fedoraproject.org/archives/list/[email protected]/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14790","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14790","Title":"mysql: Server: PS unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14790","https://linux.oracle.com/cve/CVE-2020-14790.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14793","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14793","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14793","https://linux.oracle.com/cve/CVE-2020-14793.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14794","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14794","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14794","https://linux.oracle.com/cve/CVE-2020-14794.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14800","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14800","Title":"mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server 
product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14800","https://linux.oracle.com/cve/CVE-2020-14800.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14804","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14804","Title":"mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14804","https://linux.oracle.com/cve/CVE-2020-14804.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14809","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14809","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14809","https://linux.oracle.com/cve/CVE-2020-14809.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14812","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14812","Title":"mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14812","https://linux.oracle.com/cve/CVE-2020-14812.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/","https://lists.fedoraproject.org/archives/list/[email protected]/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-06-02T13:26:00Z"},{"VulnerabilityID":"CVE-2020-14814","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14814","Title":"mysql: Server: DML unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14814","https://linux.oracle.com/cve/CVE-2020-14814.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-06-02T13:26:00Z"},{"VulnerabilityID":"CVE-2020-14821","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14821","Title":"mysql: InnoDB unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14821","https://linux.oracle.com/cve/CVE-2020-14821.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14828","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14828","Title":"mysql: Server: DML unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","V2Score":6.5e0,"V3Score":7.2e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","V3Score":7.2e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14828","https://linux.oracle.com/cve/CVE-2020-14828.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14829","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14829","Title":"mysql: InnoDB unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14829","https://linux.oracle.com/cve/CVE-2020-14829.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14830","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14830","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14830","https://linux.oracle.com/cve/CVE-2020-14830.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14836","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14836","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14836","https://linux.oracle.com/cve/CVE-2020-14836.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14837","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14837","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14837","https://linux.oracle.com/cve/CVE-2020-14837.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14838","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14838","Title":"mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","V2Score":4,"V3Score":4.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","V3Score":4.3e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14838","https://linux.oracle.com/cve/CVE-2020-14838.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14839","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14839","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14839","https://linux.oracle.com/cve/CVE-2020-14839.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14844","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14844","Title":"mysql: Server: PS unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14844","https://linux.oracle.com/cve/CVE-2020-14844.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14845","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14845","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14845","https://linux.oracle.com/cve/CVE-2020-14845.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14846","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14846","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14846","https://linux.oracle.com/cve/CVE-2020-14846.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14848","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14848","Title":"mysql: InnoDB unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14848","https://linux.oracle.com/cve/CVE-2020-14848.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14852","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14852","Title":"mysql: Server: Charsets unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14852","https://linux.oracle.com/cve/CVE-2020-14852.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14861","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14861","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14861","https://linux.oracle.com/cve/CVE-2020-14861.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14866","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14866","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14866","https://linux.oracle.com/cve/CVE-2020-14866.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14867","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14867","Title":"mysql: Server: DDL unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14867","https://linux.oracle.com/cve/CVE-2020-14867.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14868","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14868","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14868","https://linux.oracle.com/cve/CVE-2020-14868.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14870","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14870","Title":"mysql: Server: X Plugin unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14870","https://linux.oracle.com/cve/CVE-2020-14870.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14873","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14873","Title":"mysql: Server: Logging unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14873","https://linux.oracle.com/cve/CVE-2020-14873.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14888","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14888","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14888","https://linux.oracle.com/cve/CVE-2020-14888.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14891","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14891","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14891","https://linux.oracle.com/cve/CVE-2020-14891.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14893","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14893","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14893","https://linux.oracle.com/cve/CVE-2020-14893.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2001","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2001","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2001","https://linux.oracle.com/cve/CVE-2021-2001.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2002","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2002","Title":"mysql: Server: Replication unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2002","https://linux.oracle.com/cve/CVE-2021-2002.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2010","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2010","Title":"mysql: C API unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L","V2Score":4.9e0,"V3Score":4.2e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L","V3Score":4.2e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2010","https://linux.oracle.com/cve/CVE-2021-2010.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210622-0001/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-06-22T09:15:00Z"},{"VulnerabilityID":"CVE-2021-2011","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2011","Title":"mysql: C API unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":7.1e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":5.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2011","https://linux.oracle.com/cve/CVE-2021-2011.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210622-0001/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-06-22T09:15:00Z"},{"VulnerabilityID":"CVE-2021-2021","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2021","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2021","https://linux.oracle.com/cve/CVE-2021-2021.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2022","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2022","Title":"mysql: InnoDB unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.3e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2022","https://linux.oracle.com/cve/CVE-2021-2022.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2024","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2024","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle 
MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2024","https://linux.oracle.com/cve/CVE-2021-2024.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2028","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2028","Title":"mysql: InnoDB unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2028","https://linux.oracle.com/cve/CVE-2021-2028.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2030","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2030","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2030","https://linux.oracle.com/cve/CVE-2021-2030.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2031","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2031","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2031","https://linux.oracle.com/cve/CVE-2021-2031.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2032","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2032","Title":"mysql: Information Schema unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","V2Score":4,"V3Score":4.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","V3Score":4.3e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2032","https://linux.oracle.com/cve/CVE-2021-2032.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2036","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2036","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2036","https://linux.oracle.com/cve/CVE-2021-2036.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2038","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2038","Title":"mysql: Server: Components Services unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.3e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2038","https://linux.oracle.com/cve/CVE-2021-2038.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2046","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2046","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.8 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":6.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","V3Score":6.8e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2046","https://linux.oracle.com/cve/CVE-2021-2046.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2048","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2048","Title":"mysql: InnoDB unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:P/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H","V2Score":7,"V3Score":5},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H","V3Score":5}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2048","https://linux.oracle.com/cve/CVE-2021-2048.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2055","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2055","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2055","https://linux.oracle.com/cve/CVE-2021-2055.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2056","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2056","Title":"mysql: Server: DML unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.3e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2056","https://linux.oracle.com/cve/CVE-2021-2056.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2058","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2058","Title":"mysql: Server: Locking unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2058","https://linux.oracle.com/cve/CVE-2021-2058.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2060","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2060","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2060","https://linux.oracle.com/cve/CVE-2021-2060.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2061","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2061","Title":"mysql: Server: DDL unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.3e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2061","https://linux.oracle.com/cve/CVE-2021-2061.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2065","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2065","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2065","https://linux.oracle.com/cve/CVE-2021-2065.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2070","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2070","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2070","https://linux.oracle.com/cve/CVE-2021-2070.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2072","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2072","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2072","https://linux.oracle.com/cve/CVE-2021-2072.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2076","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2076","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2076","https://linux.oracle.com/cve/CVE-2021-2076.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2081","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2081","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2081","https://linux.oracle.com/cve/CVE-2021-2081.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2087","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2087","Title":"mysql: Server: DML unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4.9e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2087","https://linux.oracle.com/cve/CVE-2021-2087.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2088","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2088","Title":"mysql: Server: DML unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4.9e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2088","https://linux.oracle.com/cve/CVE-2021-2088.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2122","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2122","Title":"mysql: Server: DDL unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2122","https://linux.oracle.com/cve/CVE-2021-2122.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2146","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2146","Title":"mysql: Server: Options unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2146","https://linux.oracle.com/cve/CVE-2021-2146.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2164","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2164","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2164","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2164","https://linux.oracle.com/cve/CVE-2021-2164.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2166","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2166","Title":"mysql: Server: DML unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2166","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2166","https://linux.oracle.com/cve/CVE-2021-2166.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK/","https://lists.fedoraproject.org/archives/list/[email protected]/message/GAU7KW36A6TQGKG3RUITYSVUFIHBY3OT/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/PEF5CRATUGQZUSQU63MHQIDZPOLHW2VE/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.gentoo.org/glsa/202105-27","https://security.gentoo.org/glsa/202105-28","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2169","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2169","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2169","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2169","https://linux.oracle.com/cve/CVE-2021-2169.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2170","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2170","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2170","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2170","https://linux.oracle.com/cve/CVE-2021-2170.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2171","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2171","Title":"mysql: Server: Replication unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. 
Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":3.5e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2171","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2171","https://linux.oracle.com/cve/CVE-2021-2171.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2172","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2172","Title":"mysql: Server: DML unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server 
product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2172","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2172","https://linux.oracle.com/cve/CVE-2021-2172.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2174","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2174","Title":"mysql: 
InnoDB unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":3.5e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2174","https://linux.oracle.com/cve/CVE-2021-2174.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2178","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2178","Title":"mysql: Server: Replication unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2178","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2178","https://linux.oracle.com/cve/CVE-2021-2178.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2179","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2179","Title":"mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2179","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2179","https://linux.oracle.com/cve/CVE-2021-2179.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2180","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2180","Title":"mysql: InnoDB unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2180","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2180","https://linux.oracle.com/cve/CVE-2021-2180.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.gentoo.org/glsa/202105-27","https://security.gentoo.org/glsa/202105-28","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2193","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2193","Title":"mysql: Server: Optimizer 
unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2193","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2193","https://linux.oracle.com/cve/CVE-2021-2193.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2194","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2194","Title":"mysql: InnoDB unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2194","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2194","https://linux.oracle.com/cve/CVE-2021-2194.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2196","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2196","Title":"mysql: Server: DML unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2196","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2196","https://linux.oracle.com/cve/CVE-2021-2196.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2201","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2201","Title":"mysql: Server: Partition unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.23 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2201","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2201","https://linux.oracle.com/cve/CVE-2021-2201.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2202","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2202","Title":"mysql: Server: Replication unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2202","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2202","https://linux.oracle.com/cve/CVE-2021-2202.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2203","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2203","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2203","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2203","https://linux.oracle.com/cve/CVE-2021-2203.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2208","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2208","Title":"mysql: Server: Partition unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2208","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2208","https://linux.oracle.com/cve/CVE-2021-2208.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2212","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2212","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2212","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2212","https://linux.oracle.com/cve/CVE-2021-2212.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2213","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2213","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2213","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2213","https://linux.oracle.com/cve/CVE-2021-2213.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2215","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2215","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2215","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2215","https://linux.oracle.com/cve/CVE-2021-2215.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2217","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2217","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2217","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2217","https://linux.oracle.com/cve/CVE-2021-2217.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2226","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2226","Title":"mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2226","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2226","https://linux.oracle.com/cve/CVE-2021-2226.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2230","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2230","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2230","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2230","https://linux.oracle.com/cve/CVE-2021-2230.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2278","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2278","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2278","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2278","https://linux.oracle.com/cve/CVE-2021-2278.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2293","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2293","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2293","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2293","https://linux.oracle.com/cve/CVE-2021-2293.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2298","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2298","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2298","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2298","https://linux.oracle.com/cve/CVE-2021-2298.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2299","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2299","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2299","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2299","https://linux.oracle.com/cve/CVE-2021-2299.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2300","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2300","Title":"mysql: Server: DML unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2300","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2300","https://linux.oracle.com/cve/CVE-2021-2300.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2304","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2304","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H","V2Score":5.5e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H","V3Score":5.5e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2304","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2304","https://linux.oracle.com/cve/CVE-2021-2304.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2305","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2305","Title":"mysql: Server: DML unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2305","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2305","https://linux.oracle.com/cve/CVE-2021-2305.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2307","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2307","Title":"mysql: Server: Packaging unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. 
CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:L/AC:M/Au:N/C:P/I:P/A:N","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","V2Score":3.3e0,"V3Score":6.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","V3Score":6.1e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2307","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2307","https://linux.oracle.com/cve/CVE-2021-2307.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2339","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2339","Title":"mysql: Server: DDL unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2339","https://linux.oracle.com/cve/CVE-2021-2339.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:06:00Z"},{"VulnerabilityID":"CVE-2021-2342","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2342","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2342","https://linux.oracle.com/cve/CVE-2021-2342.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:06:00Z"},{"VulnerabilityID":"CVE-2021-2352","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2352","Title":"mysql: Server: DDL unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2352","https://linux.oracle.com/cve/CVE-2021-2352.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:06:00Z"},{"VulnerabilityID":"CVE-2021-2354","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2354","Title":"mysql: Server: Federated unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2354","https://linux.oracle.com/cve/CVE-2021-2354.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:06:00Z"},{"VulnerabilityID":"CVE-2021-2356","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2356","Title":"mysql: Server: Replication unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. 
CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H","V2Score":4.9e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H","V3Score":5.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2356","https://linux.oracle.com/cve/CVE-2021-2356.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:06:00Z"},{"VulnerabilityID":"CVE-2021-2357","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2357","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2357","https://linux.oracle.com/cve/CVE-2021-2357.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:03:00Z"},{"VulnerabilityID":"CVE-2021-2367","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2367","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2367","https://linux.oracle.com/cve/CVE-2021-2367.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:03:00Z"},{"VulnerabilityID":"CVE-2021-2370","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2370","Title":"mysql: Server: DML unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2370","https://linux.oracle.com/cve/CVE-2021-2370.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:03:00Z"},{"VulnerabilityID":"CVE-2021-2372","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2372","Title":"mysql: InnoDB unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":3.5e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2372","https://linux.oracle.com/cve/CVE-2021-2372.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://ubuntu.com/security/notices/USN-5022-2","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:03:00Z"},{"VulnerabilityID":"CVE-2021-2374","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2374","Title":"mysql: InnoDB unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:L/AC:M/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","V2Score":1.9e0,"V3Score":4.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","V3Score":4.1e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2374","https://linux.oracle.com/cve/CVE-2021-2374.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:03:00Z"},{"VulnerabilityID":"CVE-2021-2383","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2383","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2383","https://linux.oracle.com/cve/CVE-2021-2383.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:02:00Z"},{"VulnerabilityID":"CVE-2021-2384","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2384","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2384","https://linux.oracle.com/cve/CVE-2021-2384.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:02:00Z"},{"VulnerabilityID":"CVE-2021-2385","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2385","Title":"mysql: Server: Replication unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. 
CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H","V2Score":4.9e0,"V3Score":5},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H","V3Score":5}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2385","https://linux.oracle.com/cve/CVE-2021-2385.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:02:00Z"},{"VulnerabilityID":"CVE-2021-2387","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2387","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2387","https://linux.oracle.com/cve/CVE-2021-2387.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-26T16:41:00Z"},{"VulnerabilityID":"CVE-2021-2389","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2389","Title":"mysql: InnoDB unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":7.1e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":5.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2389","https://linux.oracle.com/cve/CVE-2021-2389.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://ubuntu.com/security/notices/USN-5022-2","https://www.oracle.com/security-alerts/cpujul2021.html","https://www.zerodayinitiative.com/advisories/ZDI-21-880/"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-26T16:30:00Z"},{"VulnerabilityID":"CVE-2021-2390","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2390","Title":"mysql: InnoDB unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CweIDs":["CWE-20"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":7.1e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":5.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2390","https://linux.oracle.com/cve/CVE-2021-2390.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html","https://www.zerodayinitiative.com/advisories/ZDI-21-881/"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-26T16:28:00Z"},{"VulnerabilityID":"CVE-2021-2399","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2399","Title":"mysql: Server: DDL unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2399","https://linux.oracle.com/cve/CVE-2021-2399.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T15:42:00Z"},{"VulnerabilityID":"CVE-2021-2402","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2402","Title":"mysql: Server: Locking unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2402","https://linux.oracle.com/cve/CVE-2021-2402.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T14:44:00Z"},{"VulnerabilityID":"CVE-2021-2410","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2410","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2410","https://linux.oracle.com/cve/CVE-2021-2410.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T13:27:00Z"},{"VulnerabilityID":"CVE-2021-2412","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2412","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2412","https://linux.oracle.com/cve/CVE-2021-2412.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T13:25:00Z"},{"VulnerabilityID":"CVE-2021-2417","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2417","Title":"mysql: Server: GIS unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:P/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H","V2Score":8,"V3Score":6},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H","V3Score":6}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2417","https://linux.oracle.com/cve/CVE-2021-2417.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-26T17:32:00Z"},{"VulnerabilityID":"CVE-2021-2418","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2418","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2418","https://linux.oracle.com/cve/CVE-2021-2418.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-26T17:24:00Z"},{"VulnerabilityID":"CVE-2021-2422","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2422","Title":"mysql: Server: PS unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2422","https://linux.oracle.com/cve/CVE-2021-2422.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T18:28:00Z"},{"VulnerabilityID":"CVE-2021-2424","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2424","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2424","https://linux.oracle.com/cve/CVE-2021-2424.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T18:27:00Z"},{"VulnerabilityID":"CVE-2021-2425","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2425","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2425","https://linux.oracle.com/cve/CVE-2021-2425.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T18:26:00Z"},{"VulnerabilityID":"CVE-2021-2426","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2426","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2426","https://linux.oracle.com/cve/CVE-2021-2426.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T18:25:00Z"},{"VulnerabilityID":"CVE-2021-2427","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2427","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2427","https://linux.oracle.com/cve/CVE-2021-2427.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:16:00Z","LastModifiedDate":"2021-07-23T17:52:00Z"},{"VulnerabilityID":"CVE-2021-2429","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2429","Title":"mysql: InnoDB unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":5.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2429","https://linux.oracle.com/cve/CVE-2021-2429.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html","https://www.zerodayinitiative.com/advisories/ZDI-21-889/"],"PublishedDate":"2021-07-21T15:16:00Z","LastModifiedDate":"2021-07-26T19:08:00Z"},{"VulnerabilityID":"CVE-2021-2437","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2437","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2437","https://linux.oracle.com/cve/CVE-2021-2437.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:16:00Z","LastModifiedDate":"2021-07-26T19:02:00Z"},{"VulnerabilityID":"CVE-2021-2440","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2440","Title":"mysql: Server: DML unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2440","https://linux.oracle.com/cve/CVE-2021-2440.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:16:00Z","LastModifiedDate":"2021-07-26T18:32:00Z"},{"VulnerabilityID":"CVE-2021-2441","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2441","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2441","https://linux.oracle.com/cve/CVE-2021-2441.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:16:00Z","LastModifiedDate":"2021-07-26T18:50:00Z"},{"VulnerabilityID":"CVE-2021-2444","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2444","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2444","https://linux.oracle.com/cve/CVE-2021-2444.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:16:00Z","LastModifiedDate":"2021-07-26T18:52:00Z"},{"VulnerabilityID":"CVE-2020-14791","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14791","Title":"mysql: InnoDB unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L","V2Score":3.5e0,"V3Score":2.2e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L","V3Score":2.2e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14791","https://linux.oracle.com/cve/CVE-2020-14791.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14860","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14860","Title":"mysql: Server: Security: Roles unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:P/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","V2Score":4,"V3Score":2.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","V3Score":2.7e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14860","https://linux.oracle.com/cve/CVE-2020-14860.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2042","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2042","Title":"mysql: InnoDB unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","V2Score":2.1e0,"V3Score":2.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","V3Score":2.3e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2042","https://linux.oracle.com/cve/CVE-2021-2042.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2232","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2232","Title":"mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 1.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:L/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L","V2Score":1.9e0,"V3Score":1.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L","V3Score":1.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2232","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2232","https://linux.oracle.com/cve/CVE-2021-2232.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2301","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2301","Title":"mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","V2Score":4,"V3Score":2.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","V3Score":2.7e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2301","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2301","https://linux.oracle.com/cve/CVE-2021-2301.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2308","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2308","Title":"mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","V2Score":4,"V3Score":2.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","V3Score":2.7e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2308","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2308","https://linux.oracle.com/cve/CVE-2021-2308.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2340","PkgName":"mysql","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2340","Title":"mysql: Server: Memcached unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L","V2Score":4,"V3Score":2.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L","V3Score":2.7e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2340","https://linux.oracle.com/cve/CVE-2021-2340.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:06:00Z"},{"VulnerabilityID":"CVE-2020-14672","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14672","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14672","https://linux.oracle.com/cve/CVE-2020-14672.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14765","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14765","Title":"mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14765","https://linux.oracle.com/cve/CVE-2020-14765.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/","https://lists.fedoraproject.org/archives/list/[email protected]/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14769","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14769","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14769","https://linux.oracle.com/cve/CVE-2020-14769.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14773","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14773","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14773","https://linux.oracle.com/cve/CVE-2020-14773.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14775","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14775","Title":"mysql: InnoDB unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14775","https://linux.oracle.com/cve/CVE-2020-14775.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14776","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14776","Title":"mysql: InnoDB unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of 
Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14776","https://linux.oracle.com/cve/CVE-2020-14776.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/","https://lists.fedoraproject.org/archives/list/[email protected]/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14777","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14777","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14777","https://linux.oracle.com/cve/CVE-2020-14777.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14785","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14785","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14785","https://linux.oracle.com/cve/CVE-2020-14785.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-06-02T13:25:00Z"},{"VulnerabilityID":"CVE-2020-14786","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14786","Title":"mysql: Server: PS unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14786","https://linux.oracle.com/cve/CVE-2020-14786.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14789","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14789","Title":"mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product 
of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14789","https://linux.oracle.com/cve/CVE-2020-14789.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/","https://lists.fedoraproject.org/archives/list/[email protected]/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14790","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14790","Title":"mysql: Server: PS unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14790","https://linux.oracle.com/cve/CVE-2020-14790.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14793","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14793","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14793","https://linux.oracle.com/cve/CVE-2020-14793.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14794","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14794","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14794","https://linux.oracle.com/cve/CVE-2020-14794.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14800","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14800","Title":"mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL 
Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14800","https://linux.oracle.com/cve/CVE-2020-14800.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14804","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14804","Title":"mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14804","https://linux.oracle.com/cve/CVE-2020-14804.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14809","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14809","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14809","https://linux.oracle.com/cve/CVE-2020-14809.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14812","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14812","Title":"mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14812","https://linux.oracle.com/cve/CVE-2020-14812.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/","https://lists.fedoraproject.org/archives/list/[email protected]/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-06-02T13:26:00Z"},{"VulnerabilityID":"CVE-2020-14814","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14814","Title":"mysql: Server: DML unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14814","https://linux.oracle.com/cve/CVE-2020-14814.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-06-02T13:26:00Z"},{"VulnerabilityID":"CVE-2020-14821","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14821","Title":"mysql: InnoDB unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14821","https://linux.oracle.com/cve/CVE-2020-14821.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14828","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14828","Title":"mysql: Server: DML unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","V2Score":6.5e0,"V3Score":7.2e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","V3Score":7.2e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14828","https://linux.oracle.com/cve/CVE-2020-14828.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14829","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14829","Title":"mysql: InnoDB unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14829","https://linux.oracle.com/cve/CVE-2020-14829.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14830","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14830","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14830","https://linux.oracle.com/cve/CVE-2020-14830.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14836","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14836","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14836","https://linux.oracle.com/cve/CVE-2020-14836.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14837","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14837","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14837","https://linux.oracle.com/cve/CVE-2020-14837.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14838","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14838","Title":"mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","V2Score":4,"V3Score":4.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","V3Score":4.3e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14838","https://linux.oracle.com/cve/CVE-2020-14838.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14839","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14839","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14839","https://linux.oracle.com/cve/CVE-2020-14839.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14844","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14844","Title":"mysql: Server: PS unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14844","https://linux.oracle.com/cve/CVE-2020-14844.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14845","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14845","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14845","https://linux.oracle.com/cve/CVE-2020-14845.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14846","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14846","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14846","https://linux.oracle.com/cve/CVE-2020-14846.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14848","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14848","Title":"mysql: InnoDB unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14848","https://linux.oracle.com/cve/CVE-2020-14848.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14852","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14852","Title":"mysql: Server: Charsets unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14852","https://linux.oracle.com/cve/CVE-2020-14852.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14861","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14861","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14861","https://linux.oracle.com/cve/CVE-2020-14861.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14866","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14866","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14866","https://linux.oracle.com/cve/CVE-2020-14866.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14867","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14867","Title":"mysql: Server: DDL unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14867","https://linux.oracle.com/cve/CVE-2020-14867.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14868","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14868","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14868","https://linux.oracle.com/cve/CVE-2020-14868.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14870","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14870","Title":"mysql: Server: X Plugin unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14870","https://linux.oracle.com/cve/CVE-2020-14870.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14873","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14873","Title":"mysql: Server: Logging unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14873","https://linux.oracle.com/cve/CVE-2020-14873.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14888","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14888","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14888","https://linux.oracle.com/cve/CVE-2020-14888.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14891","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14891","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14891","https://linux.oracle.com/cve/CVE-2020-14891.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14893","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14893","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14893","https://linux.oracle.com/cve/CVE-2020-14893.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2001","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2001","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2001","https://linux.oracle.com/cve/CVE-2021-2001.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2002","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2002","Title":"mysql: Server: Replication unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2002","https://linux.oracle.com/cve/CVE-2021-2002.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2010","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2010","Title":"mysql: C API unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L","V2Score":4.9e0,"V3Score":4.2e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L","V3Score":4.2e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2010","https://linux.oracle.com/cve/CVE-2021-2010.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210622-0001/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-06-22T09:15:00Z"},{"VulnerabilityID":"CVE-2021-2011","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2011","Title":"mysql: C API unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":7.1e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":5.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2011","https://linux.oracle.com/cve/CVE-2021-2011.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210622-0001/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-06-22T09:15:00Z"},{"VulnerabilityID":"CVE-2021-2021","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2021","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2021","https://linux.oracle.com/cve/CVE-2021-2021.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2022","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2022","Title":"mysql: InnoDB unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.3e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2022","https://linux.oracle.com/cve/CVE-2021-2022.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2024","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2024","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of 
Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2024","https://linux.oracle.com/cve/CVE-2021-2024.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2028","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2028","Title":"mysql: InnoDB unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2028","https://linux.oracle.com/cve/CVE-2021-2028.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2030","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2030","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2030","https://linux.oracle.com/cve/CVE-2021-2030.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2031","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2031","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2031","https://linux.oracle.com/cve/CVE-2021-2031.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2032","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2032","Title":"mysql: Information Schema unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","V2Score":4,"V3Score":4.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","V3Score":4.3e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2032","https://linux.oracle.com/cve/CVE-2021-2032.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2036","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2036","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2036","https://linux.oracle.com/cve/CVE-2021-2036.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2038","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2038","Title":"mysql: Server: Components Services unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.3e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2038","https://linux.oracle.com/cve/CVE-2021-2038.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2046","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2046","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.8 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":6.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","V3Score":6.8e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2046","https://linux.oracle.com/cve/CVE-2021-2046.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2048","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2048","Title":"mysql: InnoDB unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:P/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H","V2Score":7,"V3Score":5},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H","V3Score":5}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2048","https://linux.oracle.com/cve/CVE-2021-2048.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2055","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2055","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2055","https://linux.oracle.com/cve/CVE-2021-2055.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2056","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2056","Title":"mysql: Server: DML unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.3e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2056","https://linux.oracle.com/cve/CVE-2021-2056.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2058","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2058","Title":"mysql: Server: Locking unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2058","https://linux.oracle.com/cve/CVE-2021-2058.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2060","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2060","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2060","https://linux.oracle.com/cve/CVE-2021-2060.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2061","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2061","Title":"mysql: Server: DDL unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.3e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2061","https://linux.oracle.com/cve/CVE-2021-2061.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2065","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2065","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2065","https://linux.oracle.com/cve/CVE-2021-2065.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2070","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2070","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2070","https://linux.oracle.com/cve/CVE-2021-2070.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2072","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2072","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2072","https://linux.oracle.com/cve/CVE-2021-2072.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2076","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2076","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2076","https://linux.oracle.com/cve/CVE-2021-2076.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2081","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2081","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2081","https://linux.oracle.com/cve/CVE-2021-2081.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2087","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2087","Title":"mysql: Server: DML unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4.9e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2087","https://linux.oracle.com/cve/CVE-2021-2087.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2088","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2088","Title":"mysql: Server: DML unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4.9e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2088","https://linux.oracle.com/cve/CVE-2021-2088.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2122","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2122","Title":"mysql: Server: DDL unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2122","https://linux.oracle.com/cve/CVE-2021-2122.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://ubuntu.com/security/notices/USN-4716-1","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2146","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2146","Title":"mysql: Server: Options unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2146","https://linux.oracle.com/cve/CVE-2021-2146.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2164","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2164","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2164","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2164","https://linux.oracle.com/cve/CVE-2021-2164.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2166","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2166","Title":"mysql: Server: DML unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2166","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2166","https://linux.oracle.com/cve/CVE-2021-2166.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GAU7KW36A6TQGKG3RUITYSVUFIHBY3OT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEF5CRATUGQZUSQU63MHQIDZPOLHW2VE/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.gentoo.org/glsa/202105-27","https://security.gentoo.org/glsa/202105-28","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2169","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2169","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2169","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2169","https://linux.oracle.com/cve/CVE-2021-2169.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2170","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2170","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2170","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2170","https://linux.oracle.com/cve/CVE-2021-2170.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2171","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2171","Title":"mysql: Server: Replication unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). 
Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":3.5e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2171","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2171","https://linux.oracle.com/cve/CVE-2021-2171.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2172","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2172","Title":"mysql: Server: DML 
unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2172","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2172","https://linux.oracle.com/cve/CVE-2021-2172.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2174","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2174","Title":"mysql: InnoDB unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":3.5e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2174","https://linux.oracle.com/cve/CVE-2021-2174.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2178","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2178","Title":"mysql: Server: Replication unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2178","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2178","https://linux.oracle.com/cve/CVE-2021-2178.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2179","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2179","Title":"mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2179","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2179","https://linux.oracle.com/cve/CVE-2021-2179.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2180","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2180","Title":"mysql: InnoDB unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2180","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2180","https://linux.oracle.com/cve/CVE-2021-2180.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.gentoo.org/glsa/202105-27","https://security.gentoo.org/glsa/202105-28","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2193","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2193","Title":"mysql: Server: 
Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2193","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2193","https://linux.oracle.com/cve/CVE-2021-2193.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2194","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2194","Title":"mysql: InnoDB unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2194","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2194","https://linux.oracle.com/cve/CVE-2021-2194.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2196","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2196","Title":"mysql: Server: DML unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2196","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2196","https://linux.oracle.com/cve/CVE-2021-2196.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/","https://lists.fedoraproject.org/archives/list/[email protected]/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2201","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2201","Title":"mysql: Server: Partition unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.23 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2201","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2201","https://linux.oracle.com/cve/CVE-2021-2201.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2202","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2202","Title":"mysql: Server: Replication unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2202","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2202","https://linux.oracle.com/cve/CVE-2021-2202.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2203","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2203","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2203","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2203","https://linux.oracle.com/cve/CVE-2021-2203.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2208","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2208","Title":"mysql: Server: Partition unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2208","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2208","https://linux.oracle.com/cve/CVE-2021-2208.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2212","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2212","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2212","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2212","https://linux.oracle.com/cve/CVE-2021-2212.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2213","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2213","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2213","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2213","https://linux.oracle.com/cve/CVE-2021-2213.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2215","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2215","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2215","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2215","https://linux.oracle.com/cve/CVE-2021-2215.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2217","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2217","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2217","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2217","https://linux.oracle.com/cve/CVE-2021-2217.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2226","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2226","Title":"mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2226","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2226","https://linux.oracle.com/cve/CVE-2021-2226.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2230","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2230","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2230","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2230","https://linux.oracle.com/cve/CVE-2021-2230.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2278","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2278","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2278","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2278","https://linux.oracle.com/cve/CVE-2021-2278.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2293","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2293","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2293","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2293","https://linux.oracle.com/cve/CVE-2021-2293.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2298","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2298","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2298","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2298","https://linux.oracle.com/cve/CVE-2021-2298.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2299","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2299","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2299","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2299","https://linux.oracle.com/cve/CVE-2021-2299.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2300","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2300","Title":"mysql: Server: DML unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2300","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2300","https://linux.oracle.com/cve/CVE-2021-2300.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2304","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2304","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H","V2Score":5.5e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H","V3Score":5.5e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2304","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2304","https://linux.oracle.com/cve/CVE-2021-2304.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2305","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2305","Title":"mysql: Server: DML unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2305","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2305","https://linux.oracle.com/cve/CVE-2021-2305.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2307","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2307","Title":"mysql: Server: Packaging unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. 
CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:L/AC:M/Au:N/C:P/I:P/A:N","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","V2Score":3.3e0,"V3Score":6.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","V3Score":6.1e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2307","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2307","https://linux.oracle.com/cve/CVE-2021-2307.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2339","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2339","Title":"mysql: Server: DDL unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2339","https://linux.oracle.com/cve/CVE-2021-2339.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:06:00Z"},{"VulnerabilityID":"CVE-2021-2342","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2342","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2342","https://linux.oracle.com/cve/CVE-2021-2342.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:06:00Z"},{"VulnerabilityID":"CVE-2021-2352","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2352","Title":"mysql: Server: DDL unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2352","https://linux.oracle.com/cve/CVE-2021-2352.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:06:00Z"},{"VulnerabilityID":"CVE-2021-2354","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2354","Title":"mysql: Server: Federated unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2354","https://linux.oracle.com/cve/CVE-2021-2354.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:06:00Z"},{"VulnerabilityID":"CVE-2021-2356","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2356","Title":"mysql: Server: Replication unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. 
CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H","V2Score":4.9e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H","V3Score":5.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2356","https://linux.oracle.com/cve/CVE-2021-2356.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:06:00Z"},{"VulnerabilityID":"CVE-2021-2357","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2357","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2357","https://linux.oracle.com/cve/CVE-2021-2357.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:03:00Z"},{"VulnerabilityID":"CVE-2021-2367","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2367","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2367","https://linux.oracle.com/cve/CVE-2021-2367.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:03:00Z"},{"VulnerabilityID":"CVE-2021-2370","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2370","Title":"mysql: Server: DML unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2370","https://linux.oracle.com/cve/CVE-2021-2370.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:03:00Z"},{"VulnerabilityID":"CVE-2021-2372","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2372","Title":"mysql: InnoDB unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":3.5e0,"V3Score":4.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.4e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2372","https://linux.oracle.com/cve/CVE-2021-2372.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://ubuntu.com/security/notices/USN-5022-2","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:03:00Z"},{"VulnerabilityID":"CVE-2021-2374","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2374","Title":"mysql: InnoDB unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:L/AC:M/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","V2Score":1.9e0,"V3Score":4.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","V3Score":4.1e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2374","https://linux.oracle.com/cve/CVE-2021-2374.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:03:00Z"},{"VulnerabilityID":"CVE-2021-2383","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2383","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2383","https://linux.oracle.com/cve/CVE-2021-2383.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:02:00Z"},{"VulnerabilityID":"CVE-2021-2384","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2384","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2384","https://linux.oracle.com/cve/CVE-2021-2384.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:02:00Z"},{"VulnerabilityID":"CVE-2021-2385","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2385","Title":"mysql: Server: Replication unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. 
CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H","V2Score":4.9e0,"V3Score":5},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H","V3Score":5}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2385","https://linux.oracle.com/cve/CVE-2021-2385.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:02:00Z"},{"VulnerabilityID":"CVE-2021-2387","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2387","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2387","https://linux.oracle.com/cve/CVE-2021-2387.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-26T16:41:00Z"},{"VulnerabilityID":"CVE-2021-2389","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2389","Title":"mysql: InnoDB unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":7.1e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":5.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2389","https://linux.oracle.com/cve/CVE-2021-2389.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://ubuntu.com/security/notices/USN-5022-2","https://www.oracle.com/security-alerts/cpujul2021.html","https://www.zerodayinitiative.com/advisories/ZDI-21-880/"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-26T16:30:00Z"},{"VulnerabilityID":"CVE-2021-2390","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2390","Title":"mysql: InnoDB unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CweIDs":["CWE-20"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":7.1e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":5.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2390","https://linux.oracle.com/cve/CVE-2021-2390.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html","https://www.zerodayinitiative.com/advisories/ZDI-21-881/"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-26T16:28:00Z"},{"VulnerabilityID":"CVE-2021-2399","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2399","Title":"mysql: Server: DDL unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2399","https://linux.oracle.com/cve/CVE-2021-2399.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T15:42:00Z"},{"VulnerabilityID":"CVE-2021-2402","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2402","Title":"mysql: Server: Locking unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2402","https://linux.oracle.com/cve/CVE-2021-2402.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T14:44:00Z"},{"VulnerabilityID":"CVE-2021-2410","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2410","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2410","https://linux.oracle.com/cve/CVE-2021-2410.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T13:27:00Z"},{"VulnerabilityID":"CVE-2021-2412","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2412","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2412","https://linux.oracle.com/cve/CVE-2021-2412.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T13:25:00Z"},{"VulnerabilityID":"CVE-2021-2417","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2417","Title":"mysql: Server: GIS unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:P/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H","V2Score":8,"V3Score":6},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H","V3Score":6}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2417","https://linux.oracle.com/cve/CVE-2021-2417.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-26T17:32:00Z"},{"VulnerabilityID":"CVE-2021-2418","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2418","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2418","https://linux.oracle.com/cve/CVE-2021-2418.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-26T17:24:00Z"},{"VulnerabilityID":"CVE-2021-2422","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2422","Title":"mysql: Server: PS unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2422","https://linux.oracle.com/cve/CVE-2021-2422.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T18:28:00Z"},{"VulnerabilityID":"CVE-2021-2424","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2424","Title":"mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2424","https://linux.oracle.com/cve/CVE-2021-2424.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T18:27:00Z"},{"VulnerabilityID":"CVE-2021-2425","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2425","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2425","https://linux.oracle.com/cve/CVE-2021-2425.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T18:26:00Z"},{"VulnerabilityID":"CVE-2021-2426","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2426","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2426","https://linux.oracle.com/cve/CVE-2021-2426.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-07-23T18:25:00Z"},{"VulnerabilityID":"CVE-2021-2427","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2427","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2427","https://linux.oracle.com/cve/CVE-2021-2427.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:16:00Z","LastModifiedDate":"2021-07-23T17:52:00Z"},{"VulnerabilityID":"CVE-2021-2429","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2429","Title":"mysql: InnoDB unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":5.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2429","https://linux.oracle.com/cve/CVE-2021-2429.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html","https://www.zerodayinitiative.com/advisories/ZDI-21-889/"],"PublishedDate":"2021-07-21T15:16:00Z","LastModifiedDate":"2021-07-26T19:08:00Z"},{"VulnerabilityID":"CVE-2021-2437","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2437","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2437","https://linux.oracle.com/cve/CVE-2021-2437.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:16:00Z","LastModifiedDate":"2021-07-26T19:02:00Z"},{"VulnerabilityID":"CVE-2021-2440","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2440","Title":"mysql: Server: DML unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2440","https://linux.oracle.com/cve/CVE-2021-2440.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:16:00Z","LastModifiedDate":"2021-07-26T18:32:00Z"},{"VulnerabilityID":"CVE-2021-2441","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2441","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2441","https://linux.oracle.com/cve/CVE-2021-2441.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:16:00Z","LastModifiedDate":"2021-07-26T18:50:00Z"},{"VulnerabilityID":"CVE-2021-2444","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2444","Title":"mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":6.8e0,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V3Score":4.9e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2444","https://linux.oracle.com/cve/CVE-2021-2444.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210723-0001/","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:16:00Z","LastModifiedDate":"2021-07-26T18:52:00Z"},{"VulnerabilityID":"CVE-2020-14791","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14791","Title":"mysql: InnoDB unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L","V2Score":3.5e0,"V3Score":2.2e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L","V3Score":2.2e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14791","https://linux.oracle.com/cve/CVE-2020-14791.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2020-14860","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14860","Title":"mysql: Server: Security: Roles unspecified vulnerability (CPU Oct 2020)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:P/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","V2Score":4,"V3Score":2.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","V3Score":2.7e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14860","https://linux.oracle.com/cve/CVE-2020-14860.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20201023-0003/","https://ubuntu.com/security/notices/USN-4604-1","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL"],"PublishedDate":"2020-10-21T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2042","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2042","Title":"mysql: InnoDB unspecified vulnerability (CPU Jan 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","V2Score":2.1e0,"V3Score":2.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","V3Score":2.3e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2042","https://linux.oracle.com/cve/CVE-2021-2042.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.gentoo.org/glsa/202105-27","https://security.netapp.com/advisory/ntap-20210219-0003/","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"],"PublishedDate":"2021-01-20T15:15:00Z","LastModifiedDate":"2021-05-26T12:15:00Z"},{"VulnerabilityID":"CVE-2021-2232","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2232","Title":"mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 1.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:L/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L","V2Score":1.9e0,"V3Score":1.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L","V3Score":1.9e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2232","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2232","https://linux.oracle.com/cve/CVE-2021-2232.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2301","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2301","Title":"mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","V2Score":4,"V3Score":2.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","V3Score":2.7e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2301","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2301","https://linux.oracle.com/cve/CVE-2021-2301.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2308","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2308","Title":"mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","V2Score":4,"V3Score":2.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","V3Score":2.7e0}},"References":["https://access.redhat.com/security/cve/CVE-2021-2308","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2308","https://linux.oracle.com/cve/CVE-2021-2308.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://security.netapp.com/advisory/ntap-20210513-0002/","https://ubuntu.com/security/notices/USN-4952-1","https://www.oracle.com/security-alerts/cpuapr2021.html","https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"],"PublishedDate":"2021-04-22T22:15:00Z","LastModifiedDate":"2021-05-13T18:15:00Z"},{"VulnerabilityID":"CVE-2021-2340","PkgName":"mysql-common","InstalledVersion":"8.0.26-1.module_el8.4.0+915+de215114","FixedVersion":"8.0.26-1.module+el8.4.0+12359+b8928c02","Layer":{"DiffID":"sha256:f0b8d6ae225587de7ebbaa56afa0eddc745dcb7bb3a4b8fbb592ca6c3b8b660b"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-2340","Title":"mysql: Server: Memcached unspecified vulnerability (CPU Jul 2021)","Description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L","V2Score":4,"V3Score":2.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L","V3Score":2.7e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2340","https://linux.oracle.com/cve/CVE-2021-2340.html","https://linux.oracle.com/errata/ELSA-2021-3590.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/","https://security.netapp.com/advisory/ntap-20210723-0001/","https://ubuntu.com/security/notices/USN-5022-1","https://www.oracle.com/security-alerts/cpujul2021.html"],"PublishedDate":"2021-07-21T15:15:00Z","LastModifiedDate":"2021-09-23T13:06:00Z"},{"VulnerabilityID":"CVE-2019-17594","PkgName":"ncurses-base","InstalledVersion":"6.1-7.20180224.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-17594","Title":"ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c","Description":"There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 
6.1-20191012.","Severity":"MEDIUM","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","V2Score":4.6e0,"V3Score":5.3e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","V3Score":5.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594","https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html","https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html","https://security.gentoo.org/glsa/202101-28"],"PublishedDate":"2019-10-14T21:15:00Z","LastModifiedDate":"2021-02-10T15:13:00Z"},{"VulnerabilityID":"CVE-2019-17595","PkgName":"ncurses-base","InstalledVersion":"6.1-7.20180224.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-17595","Title":"ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c","Description":"There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 
6.1-20191012.","Severity":"MEDIUM","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","V2Score":5.8e0,"V3Score":5.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L","V3Score":5.4e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595","https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html","https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html","https://security.gentoo.org/glsa/202101-28"],"PublishedDate":"2019-10-14T21:15:00Z","LastModifiedDate":"2021-02-08T20:52:00Z"},{"VulnerabilityID":"CVE-2021-39537","PkgName":"ncurses-base","InstalledVersion":"6.1-7.20180224.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-39537","Title":"ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c","Description":"An issue was discovered in ncurses through v6.2-1. 
_nc_captoinfo in captoinfo.c has a heap-based buffer overflow.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html"],"PublishedDate":"2021-09-20T16:15:00Z","LastModifiedDate":"2021-09-20T17:21:00Z"},{"VulnerabilityID":"CVE-2018-19211","PkgName":"ncurses-base","InstalledVersion":"6.1-7.20180224.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-19211","Title":"ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c","Description":"In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":4.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1643754"],"PublishedDate":"2018-11-12T19:29:00Z","LastModifiedDate":"2019-04-23T13:15:00Z"},{"VulnerabilityID":"CVE-2018-19217","PkgName":"ncurses-base","InstalledVersion":"6.1-7.20180224.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-19217","Title":"ncurses: Null pointer dereference at function _nc_name_match","Description":"** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":4.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1643753"],"PublishedDate":"2018-11-12T19:29:00Z","LastModifiedDate":"2019-04-18T16:29:00Z"},{"VulnerabilityID":"CVE-2019-17594","PkgName":"ncurses-libs","InstalledVersion":"6.1-7.20180224.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-17594","Title":"ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c","Description":"There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 
6.1-20191012.","Severity":"MEDIUM","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","V2Score":4.6e0,"V3Score":5.3e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","V3Score":5.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594","https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html","https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html","https://security.gentoo.org/glsa/202101-28"],"PublishedDate":"2019-10-14T21:15:00Z","LastModifiedDate":"2021-02-10T15:13:00Z"},{"VulnerabilityID":"CVE-2019-17595","PkgName":"ncurses-libs","InstalledVersion":"6.1-7.20180224.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-17595","Title":"ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c","Description":"There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 
6.1-20191012.","Severity":"MEDIUM","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","V2Score":5.8e0,"V3Score":5.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L","V3Score":5.4e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595","https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html","https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html","https://security.gentoo.org/glsa/202101-28"],"PublishedDate":"2019-10-14T21:15:00Z","LastModifiedDate":"2021-02-08T20:52:00Z"},{"VulnerabilityID":"CVE-2021-39537","PkgName":"ncurses-libs","InstalledVersion":"6.1-7.20180224.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-39537","Title":"ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c","Description":"An issue was discovered in ncurses through v6.2-1. 
_nc_captoinfo in captoinfo.c has a heap-based buffer overflow.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html"],"PublishedDate":"2021-09-20T16:15:00Z","LastModifiedDate":"2021-09-20T17:21:00Z"},{"VulnerabilityID":"CVE-2018-19211","PkgName":"ncurses-libs","InstalledVersion":"6.1-7.20180224.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-19211","Title":"ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c","Description":"In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":4.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1643754"],"PublishedDate":"2018-11-12T19:29:00Z","LastModifiedDate":"2019-04-23T13:15:00Z"},{"VulnerabilityID":"CVE-2018-19217","PkgName":"ncurses-libs","InstalledVersion":"6.1-7.20180224.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-19217","Title":"ncurses: Null pointer dereference at function _nc_name_match","Description":"** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":4.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1643753"],"PublishedDate":"2018-11-12T19:29:00Z","LastModifiedDate":"2019-04-18T16:29:00Z"},{"VulnerabilityID":"CVE-2021-20305","PkgName":"nettle","InstalledVersion":"3.4.1-2.el8","FixedVersion":"3.4.1-4.el8_3","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20305","Title":"nettle: Out of bounds memory access in signature verification","Description":"A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. 
The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.","Severity":"HIGH","CweIDs":["CWE-327"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":8.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","V3Score":8.1e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1942533","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305","https://linux.oracle.com/cve/CVE-2021-20305.html","https://linux.oracle.com/errata/ELSA-2021-1206.html","https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/","https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html","https://security.gentoo.org/glsa/202105-31","https://ubuntu.com/security/notices/USN-4906-1","https://www.debian.org/security/2021/dsa-4933"],"PublishedDate":"2021-04-05T22:15:00Z","LastModifiedDate":"2021-09-18T17:15:00Z"},{"VulnerabilityID":"CVE-2021-3580","PkgName":"nettle","InstalledVersion":"3.4.1-2.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3580","Title":"nettle: Remote crash in RSA decryption via manipulated ciphertext","Description":"A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. 
An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.","Severity":"MEDIUM","CweIDs":["CWE-20"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1967983","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3580","https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html","https://ubuntu.com/security/notices/USN-4990-1"],"PublishedDate":"2021-08-05T21:15:00Z","LastModifiedDate":"2021-09-18T17:15:00Z"},{"VulnerabilityID":"CVE-2021-23840","PkgName":"openssl-libs","InstalledVersion":"1:1.1.1g-15.el8_3","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-23840","Title":"openssl: integer overflow in CipherUpdate","Description":"Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). 
Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).","Severity":"MEDIUM","CweIDs":["CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840","https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1","https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","https://security.gentoo.org/glsa/202103-03","https://security.netapp.com/advisory/ntap-20210219-0009/","https://ubuntu.com/security/notices/USN-4738-1","https://ubuntu.com/security/notices/USN-5088-1","https://www.debian.org/security/2021/dsa-4855","https://www.openssl.org/news/secadv/20210216.txt","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-03","https://www.tenable.com/security/tns-2021-09","https://www.tenable.com/security/tns-2021-10"],"PublishedDate":"2021-02-16T17:15:00Z","LastModifiedDate":"2021-09-13T19:45:00Z"},{"VulnerabilityID":"CVE-2021-23841","PkgName":"openssl-libs","InstalledVersion":"1:1.1.1g-15.el8_3","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-23841","Title":"openssl: NULL pointer dereference in X509_issuer_and_serial_hash()","Description":"The OpenSSL public API function 
X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). 
Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).","Severity":"MEDIUM","CweIDs":["CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":5.9e0}},"References":["http://seclists.org/fulldisclosure/2021/May/67","http://seclists.org/fulldisclosure/2021/May/68","http://seclists.org/fulldisclosure/2021/May/70","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841","https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf","https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846","https://security.gentoo.org/glsa/202103-03","https://security.netapp.com/advisory/ntap-20210219-0009/","https://security.netapp.com/advisory/ntap-20210513-0002/","https://support.apple.com/kb/HT212528","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212534","https://ubuntu.com/security/notices/USN-4738-1","https://ubuntu.com/security/notices/USN-4745-1","https://www.debian.org/security/2021/dsa-4855","https://www.openssl.org/news/secadv/20210216.txt","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.tenable.com/security/tns-2021-03","https://www.tenable.com/security/tns-2021-09"],"PublishedDate":"2021-02-16T17:15:00Z","LastModifiedDate":"2021-07-20T23:15:00Z"},{"VulnerabilityID":"CVE-2021-3712","PkgName":"openssl-libs","InstalledVersion":"1:1.1.1g-15.el8_3","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3712","Title":"openssl: Read buffer overruns processing ASN.1 strings","Description":"ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a 
buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). 
Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).","Severity":"MEDIUM","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H","V2Score":5.8e0,"V3Score":7.4e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H","V3Score":7.4e0}},"References":["http://www.openwall.com/lists/oss-security/2021/08/26/2","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712","https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11","https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12","https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html","https://security.netapp.com/advisory/ntap-20210827-0010/","https://ubuntu.com/security/notices/USN-5051-1","https://ubuntu.com/security/notices/USN-5051-2","https://ubuntu.com/security/notices/USN-5051-3","https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)","https://ubuntu.com/security/notices/USN-5088-1","https://www.debian.org/security/2021/dsa-4963","https://www.openssl.org/news/secadv/20210824.txt","https://www.tenable.com/security/tns-2021-16"],"PublishedDate":"2021-08-24T15:15:00Z","LastModifiedDate":"2021-09-27T02:15:00Z"},{"VulnerabilityID":"CVE-2019-20838","PkgName":"pcre","InstalledVersion":"8.42-4.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-20838","Title":"pcre: buffer over-read in JIT when UTF is disabled","Description":"libpcre in PCRE before 8.43 allows a subject buffer over-read 
in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2021/Feb/14","https://bugs.gentoo.org/717920","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT212147","https://www.pcre.org/original/changelog.txt"],"PublishedDate":"2020-06-15T17:15:00Z","LastModifiedDate":"2021-09-22T14:22:00Z"},{"VulnerabilityID":"CVE-2020-14155","PkgName":"pcre","InstalledVersion":"8.42-4.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-14155","Title":"pcre: integer overflow in libpcre","Description":"libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C 
substring.","Severity":"LOW","CweIDs":["CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","V2Score":5,"V3Score":5.3e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","V3Score":5.3e0}},"References":["http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2021/Feb/14","https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/","https://bugs.gentoo.org/717920","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT212147","https://www.pcre.org/original/changelog.txt"],"PublishedDate":"2020-06-15T17:15:00Z","LastModifiedDate":"2021-09-22T14:22:00Z"},{"VulnerabilityID":"CVE-2021-3426","PkgName":"platform-python","InstalledVersion":"3.6.8-37.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3426","Title":"python: Information disclosure via pydoc","Description":"There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. 
This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.","Severity":"MEDIUM","CweIDs":["CWE-200"],"CVSS":{"nvd":{"V2Vector":"AV:A/AC:L/Au:S/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","V2Score":2.7e0,"V3Score":5.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","V3Score":5.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1935913","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426","https://github.com/python/cpython/pull/24285","https://github.com/python/cpython/pull/24337","https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/","https://lists.fedoraproject.org/archives/list/[email protected]/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/","https://lists.fedoraproject.org/archives/list/[email protected]/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/","https://lists.fedoraproject.org/archives/list/[email protected]/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/","https://python-security.readthedocs.io/vuln/pydoc-getfile.html","https://security.gentoo.org/glsa/202104-04","https://security.netapp.com/advisory/ntap-20210629-0003/"],"PublishedDate":"2021-05-20T13:15:00Z","LastModifiedDate":"2021-06-29T10:15:00Z"},{"VulnerabilityID":"CVE-2021-3733","PkgName":"platform-python","InstalledVersion":"3.6.8-37.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3733","Title":"python: urllib: Regular 
expression DoS in AbstractBasicAuthHandler","Description":"There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://bugs.python.org/issue43075","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733","https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-14-final","https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-11-final","https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-10-final","https://docs.python.org/3.9/whatsnew/changelog.html#python-3-9-5-final","https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)","https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)","https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)","https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)","https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)","https://github.com/python/cpython/pull/24391","https://ubuntu.com/security/notices/USN-5083-1"]},{"VulnerabilityID":"CVE-2019-9674","PkgName":"platform-python","InstalledVersion":"3.6.8-37.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-9674","Title":"python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py","Description":"Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of 
service (resource consumption) via a ZIP bomb.","Severity":"LOW","CweIDs":["CWE-400"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html","https://bugs.python.org/issue36260","https://bugs.python.org/issue36462","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674","https://github.com/python/cpython/blob/master/Lib/zipfile.py","https://python-security.readthedocs.io/security.html#archives-and-zip-bomb","https://security.netapp.com/advisory/ntap-20200221-0003/","https://ubuntu.com/security/notices/USN-4428-1","https://ubuntu.com/security/notices/USN-4754-3","https://usn.ubuntu.com/4428-1/","https://www.python.org/news/security/"],"PublishedDate":"2020-02-04T15:15:00Z","LastModifiedDate":"2020-07-27T18:15:00Z"},{"VulnerabilityID":"CVE-2021-3737","PkgName":"platform-python","InstalledVersion":"3.6.8-37.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3737","Title":"python: client can enter an infinite loop on a 100 Continue response from the server","Description":"A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. 
The highest threat from this vulnerability is to system availability.","Severity":"LOW","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://bugs.python.org/issue44022","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737","https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)","https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)","https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14","https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)","https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)","https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)","https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)","https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)","https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)","https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)","https://github.com/python/cpython/pull/25916","https://github.com/python/cpython/pull/26503","https://ubuntu.com/security/notices/USN-5083-1"]},{"VulnerabilityID":"CVE-2018-1121","PkgName":"procps-ng","InstalledVersion":"3.3.15-6.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-1121","Title":"procps-ng, procps: process hiding through race condition enumerating /proc","Description":"procps-ng, procps is vulnerable to a process hiding through race condition. 
Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.","Severity":"LOW","CweIDs":["CWE-362"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","V3Vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","V2Score":4.3e0,"V3Score":5.9e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L","V3Score":3.9e0}},"References":["http://seclists.org/oss-sec/2018/q2/122","http://www.securityfocus.com/bid/104214","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121","https://www.exploit-db.com/exploits/44806/","https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"],"PublishedDate":"2018-06-13T20:29:00Z","LastModifiedDate":"2020-06-30T16:15:00Z"},{"VulnerabilityID":"CVE-2021-3445","PkgName":"python3-hawkey","InstalledVersion":"0.55.0-7.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3445","Title":"libdnf: libdnf does its own signature verification, but this can be tricked by placing a signature in the main header","Description":"A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. 
The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.","Severity":"MEDIUM","CweIDs":["CWE-347"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:H/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":5.1e0,"V3Score":8.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.4e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1932079","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3445","https://lists.fedoraproject.org/archives/list/[email protected]/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF/"],"PublishedDate":"2021-05-19T14:15:00Z","LastModifiedDate":"2021-06-02T14:58:00Z"},{"VulnerabilityID":"CVE-2021-3445","PkgName":"python3-libdnf","InstalledVersion":"0.55.0-7.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3445","Title":"libdnf: libdnf does its own signature verification, but this can be tricked by placing a signature in the main header","Description":"A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. 
The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.","Severity":"MEDIUM","CweIDs":["CWE-347"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:H/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":5.1e0,"V3Score":8.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.4e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1932079","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3445","https://lists.fedoraproject.org/archives/list/[email protected]/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR/","https://lists.fedoraproject.org/archives/list/[email protected]/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF/"],"PublishedDate":"2021-05-19T14:15:00Z","LastModifiedDate":"2021-06-02T14:58:00Z"},{"VulnerabilityID":"CVE-2021-3426","PkgName":"python3-libs","InstalledVersion":"3.6.8-37.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3426","Title":"python: Information disclosure via pydoc","Description":"There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. 
This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.","Severity":"MEDIUM","CweIDs":["CWE-200"],"CVSS":{"nvd":{"V2Vector":"AV:A/AC:L/Au:S/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","V2Score":2.7e0,"V3Score":5.7e0},"redhat":{"V3Vector":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","V3Score":5.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1935913","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426","https://github.com/python/cpython/pull/24285","https://github.com/python/cpython/pull/24337","https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/","https://lists.fedoraproject.org/archives/list/[email protected]/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/","https://lists.fedoraproject.org/archives/list/[email protected]/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/","https://lists.fedoraproject.org/archives/list/[email protected]/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/","https://lists.fedoraproject.org/archives/list/[email protected]/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/","https://lists.fedoraproject.org/archives/list/[email protected]/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/","https://python-security.readthedocs.io/vuln/pydoc-getfile.html","https://security.gentoo.org/glsa/202104-04","https://security.netapp.com/advisory/ntap-20210629-0003/"],"PublishedDate":"2021-05-20T13:15:00Z","LastModifiedDate":"2021-06-29T10:15:00Z"},{"VulnerabilityID":"CVE-2021-3733","PkgName":"python3-libs","InstalledVersion":"3.6.8-37.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3733","Title":"python: urllib: Regular 
expression DoS in AbstractBasicAuthHandler","Description":"There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://bugs.python.org/issue43075","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733","https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-14-final","https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-11-final","https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-10-final","https://docs.python.org/3.9/whatsnew/changelog.html#python-3-9-5-final","https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)","https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)","https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)","https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)","https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)","https://github.com/python/cpython/pull/24391","https://ubuntu.com/security/notices/USN-5083-1"]},{"VulnerabilityID":"CVE-2019-9674","PkgName":"python3-libs","InstalledVersion":"3.6.8-37.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-9674","Title":"python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py","Description":"Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of 
service (resource consumption) via a ZIP bomb.","Severity":"LOW","CweIDs":["CWE-400"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html","https://bugs.python.org/issue36260","https://bugs.python.org/issue36462","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674","https://github.com/python/cpython/blob/master/Lib/zipfile.py","https://python-security.readthedocs.io/security.html#archives-and-zip-bomb","https://security.netapp.com/advisory/ntap-20200221-0003/","https://ubuntu.com/security/notices/USN-4428-1","https://ubuntu.com/security/notices/USN-4754-3","https://usn.ubuntu.com/4428-1/","https://www.python.org/news/security/"],"PublishedDate":"2020-02-04T15:15:00Z","LastModifiedDate":"2020-07-27T18:15:00Z"},{"VulnerabilityID":"CVE-2021-3737","PkgName":"python3-libs","InstalledVersion":"3.6.8-37.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3737","Title":"python: client can enter an infinite loop on a 100 Continue response from the server","Description":"A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. 
The highest threat from this vulnerability is to system availability.","Severity":"LOW","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V3Score":6.5e0}},"References":["https://bugs.python.org/issue44022","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737","https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)","https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)","https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14","https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)","https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)","https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)","https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)","https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)","https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)","https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)","https://github.com/python/cpython/pull/25916","https://github.com/python/cpython/pull/26503","https://ubuntu.com/security/notices/USN-5083-1"]},{"VulnerabilityID":"CVE-2018-20225","PkgName":"python3-pip-wheel","InstalledVersion":"9.0.3-19.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20225","Title":"python-pip: when --extra-index-url option is used and package does not already exist in the public index, the installation of malicious package with arbitrary version number is possible.","Description":"** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, 
even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely.","Severity":"LOW","CweIDs":["CWE-20"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V3Score":7.8e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1835736","https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html","https://lists.apache.org/thread.html/rb1adce798445facd032870d644eb39c4baaf9c4a7dd5477d12bb6ab2@%3Cgithub.arrow.apache.org%3E","https://pip.pypa.io/en/stable/news/"],"PublishedDate":"2020-05-08T18:15:00Z","LastModifiedDate":"2020-06-01T17:15:00Z"},{"VulnerabilityID":"CVE-2021-3572","PkgName":"python3-pip-wheel","InstalledVersion":"9.0.3-19.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3572","Title":"python-pip: Incorrect handling of unicode separators in git references","Description":"A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.","Severity":"LOW","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N","V3Score":4.5e0}}},{"VulnerabilityID":"CVE-2021-20271","PkgName":"python3-rpm","InstalledVersion":"4.14.3-13.el8","FixedVersion":"4.14.3-14.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20271","Title":"rpm: Signature checks bypass via corrupted rpm package","Description":"A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.","Severity":"MEDIUM","CweIDs":["CWE-345"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:H/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":5.1e0,"V3Score":7},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","V3Score":6.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1934125","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20271","https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21","https://linux.oracle.com/cve/CVE-2021-20271.html","https://linux.oracle.com/errata/ELSA-2021-2574.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"],"PublishedDate":"2021-03-26T17:15:00Z","LastModifiedDate":"2021-07-20T11:15:00Z"},{"VulnerabilityID":"CVE-2021-3421","PkgName":"python3-rpm","InstalledVersion":"4.14.3-13.el8","FixedVersion":"4.14.3-14.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3421","Title":"rpm: unsigned signature header leads to string injection into an rpm database","Description":"A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.","Severity":"MEDIUM","CweIDs":["CWE-347"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","V3Score":4.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1927747","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3421","https://lists.fedoraproject.org/archives/list/[email protected]/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/","https://lists.fedoraproject.org/archives/list/[email protected]/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"],"PublishedDate":"2021-05-19T14:15:00Z","LastModifiedDate":"2021-07-20T11:15:00Z"},{"VulnerabilityID":"CVE-2021-35937","PkgName":"python3-rpm","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35937","Title":"rpm: TOCTOU race in 
checks for unsafe symlinks","Description":"A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.3e0}}},{"VulnerabilityID":"CVE-2021-35938","PkgName":"python3-rpm","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35938","Title":"rpm: races with chown/chmod/capabilities calls during installation","Description":"A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.5e0}}},{"VulnerabilityID":"CVE-2021-35939","PkgName":"python3-rpm","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35939","Title":"rpm: checks for unsafe symlinks are not performed for intermediary directories","Description":"It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. 
A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.5e0}}},{"VulnerabilityID":"CVE-2021-20266","PkgName":"python3-rpm","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20266","Title":"rpm: missing length checks in hdrblobInit()","Description":"A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.1e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1927741","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20266","https://lists.fedoraproject.org/archives/list/[email protected]/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"],"PublishedDate":"2021-04-30T12:15:00Z","LastModifiedDate":"2021-07-20T11:15:00Z"},{"VulnerabilityID":"CVE-2021-20271","PkgName":"rpm","InstalledVersion":"4.14.3-13.el8","FixedVersion":"4.14.3-14.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20271","Title":"rpm: Signature checks bypass via corrupted rpm package","Description":"A flaw was found in 
RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.","Severity":"MEDIUM","CweIDs":["CWE-345"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:H/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":5.1e0,"V3Score":7},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","V3Score":6.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1934125","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20271","https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21","https://linux.oracle.com/cve/CVE-2021-20271.html","https://linux.oracle.com/errata/ELSA-2021-2574.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/","https://lists.fedoraproject.org/archives/list/[email protected]/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"],"PublishedDate":"2021-03-26T17:15:00Z","LastModifiedDate":"2021-07-20T11:15:00Z"},{"VulnerabilityID":"CVE-2021-3421","PkgName":"rpm","InstalledVersion":"4.14.3-13.el8","FixedVersion":"4.14.3-14.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3421","Title":"rpm: unsigned signature header leads to string injection into an rpm database","Description":"A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. 
The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.","Severity":"MEDIUM","CweIDs":["CWE-347"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","V3Score":4.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1927747","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3421","https://lists.fedoraproject.org/archives/list/[email protected]/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/","https://lists.fedoraproject.org/archives/list/[email protected]/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"],"PublishedDate":"2021-05-19T14:15:00Z","LastModifiedDate":"2021-07-20T11:15:00Z"},{"VulnerabilityID":"CVE-2021-35937","PkgName":"rpm","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35937","Title":"rpm: TOCTOU race in checks for unsafe symlinks","Description":"A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.3e0}}},{"VulnerabilityID":"CVE-2021-35938","PkgName":"rpm","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35938","Title":"rpm: races with chown/chmod/capabilities calls during installation","Description":"A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.5e0}}},{"VulnerabilityID":"CVE-2021-35939","PkgName":"rpm","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35939","Title":"rpm: checks for unsafe symlinks are not performed for intermediary directories","Description":"It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.5e0}}},{"VulnerabilityID":"CVE-2021-20266","PkgName":"rpm","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20266","Title":"rpm: missing length checks in hdrblobInit()","Description":"A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.1e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1927741","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20266","https://lists.fedoraproject.org/archives/list/[email protected]/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"],"PublishedDate":"2021-04-30T12:15:00Z","LastModifiedDate":"2021-07-20T11:15:00Z"},{"VulnerabilityID":"CVE-2021-20271","PkgName":"rpm-build-libs","InstalledVersion":"4.14.3-13.el8","FixedVersion":"4.14.3-14.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20271","Title":"rpm: Signature checks bypass via corrupted rpm package","Description":"A flaw was found in RPM's signature check functionality when reading a package file. 
This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.","Severity":"MEDIUM","CweIDs":["CWE-345"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:H/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":5.1e0,"V3Score":7},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","V3Score":6.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1934125","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20271","https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21","https://linux.oracle.com/cve/CVE-2021-20271.html","https://linux.oracle.com/errata/ELSA-2021-2574.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/","https://lists.fedoraproject.org/archives/list/[email protected]/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"],"PublishedDate":"2021-03-26T17:15:00Z","LastModifiedDate":"2021-07-20T11:15:00Z"},{"VulnerabilityID":"CVE-2021-3421","PkgName":"rpm-build-libs","InstalledVersion":"4.14.3-13.el8","FixedVersion":"4.14.3-14.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3421","Title":"rpm: unsigned signature header leads to string injection into an rpm database","Description":"A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. 
The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.","Severity":"MEDIUM","CweIDs":["CWE-347"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","V3Score":4.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1927747","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3421","https://lists.fedoraproject.org/archives/list/[email protected]/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/","https://lists.fedoraproject.org/archives/list/[email protected]/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"],"PublishedDate":"2021-05-19T14:15:00Z","LastModifiedDate":"2021-07-20T11:15:00Z"},{"VulnerabilityID":"CVE-2021-35937","PkgName":"rpm-build-libs","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35937","Title":"rpm: TOCTOU race in checks for unsafe symlinks","Description":"A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.3e0}}},{"VulnerabilityID":"CVE-2021-35938","PkgName":"rpm-build-libs","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35938","Title":"rpm: races with chown/chmod/capabilities calls during installation","Description":"A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.5e0}}},{"VulnerabilityID":"CVE-2021-35939","PkgName":"rpm-build-libs","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35939","Title":"rpm: checks for unsafe symlinks are not performed for intermediary directories","Description":"It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.5e0}}},{"VulnerabilityID":"CVE-2021-20266","PkgName":"rpm-build-libs","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20266","Title":"rpm: missing length checks in hdrblobInit()","Description":"A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.1e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1927741","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20266","https://lists.fedoraproject.org/archives/list/[email protected]/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"],"PublishedDate":"2021-04-30T12:15:00Z","LastModifiedDate":"2021-07-20T11:15:00Z"},{"VulnerabilityID":"CVE-2021-20271","PkgName":"rpm-libs","InstalledVersion":"4.14.3-13.el8","FixedVersion":"4.14.3-14.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20271","Title":"rpm: Signature checks bypass via corrupted rpm package","Description":"A flaw was found in RPM's signature check functionality when reading a package file. 
This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.","Severity":"MEDIUM","CweIDs":["CWE-345"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:H/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":5.1e0,"V3Score":7},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","V3Score":6.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1934125","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20271","https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21","https://linux.oracle.com/cve/CVE-2021-20271.html","https://linux.oracle.com/errata/ELSA-2021-2574.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/","https://lists.fedoraproject.org/archives/list/[email protected]/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"],"PublishedDate":"2021-03-26T17:15:00Z","LastModifiedDate":"2021-07-20T11:15:00Z"},{"VulnerabilityID":"CVE-2021-3421","PkgName":"rpm-libs","InstalledVersion":"4.14.3-13.el8","FixedVersion":"4.14.3-14.el8_4","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3421","Title":"rpm: unsigned signature header leads to string injection into an rpm database","Description":"A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. 
This flaw affects RPM versions before 4.17.0-alpha.","Severity":"MEDIUM","CweIDs":["CWE-347"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","V3Score":4.7e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1927747","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3421","https://lists.fedoraproject.org/archives/list/[email protected]/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/","https://lists.fedoraproject.org/archives/list/[email protected]/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"],"PublishedDate":"2021-05-19T14:15:00Z","LastModifiedDate":"2021-07-20T11:15:00Z"},{"VulnerabilityID":"CVE-2021-35937","PkgName":"rpm-libs","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35937","Title":"rpm: TOCTOU race in checks for unsafe symlinks","Description":"A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.3e0}}},{"VulnerabilityID":"CVE-2021-35938","PkgName":"rpm-libs","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35938","Title":"rpm: races with chown/chmod/capabilities calls during installation","Description":"A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.5e0}}},{"VulnerabilityID":"CVE-2021-35939","PkgName":"rpm-libs","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-35939","Title":"rpm: checks for unsafe symlinks are not performed for intermediary directories","Description":"It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","V3Score":6.5e0}}},{"VulnerabilityID":"CVE-2021-20266","PkgName":"rpm-libs","InstalledVersion":"4.14.3-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20266","Title":"rpm: missing length checks in hdrblobInit()","Description":"A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","V2Score":4,"V3Score":4.9e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.1e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1927741","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20266","https://lists.fedoraproject.org/archives/list/[email protected]/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/","https://lists.fedoraproject.org/archives/list/[email protected]/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"],"PublishedDate":"2021-04-30T12:15:00Z","LastModifiedDate":"2021-07-20T11:15:00Z"},{"VulnerabilityID":"CVE-2019-5827","PkgName":"sqlite-libs","InstalledVersion":"3.26.0-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-5827","Title":"chromium-browser: out-of-bounds access in SQLite","Description":"Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","Severity":"HIGH","CweIDs":["CWE-787","CWE-190"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":8.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V3Score":8.8e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html","https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html","https://crbug.com/952406","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/","https://lists.fedoraproject.org/archives/list/[email protected]/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/","https://seclists.org/bugtraq/2019/Aug/19","https://security.gentoo.org/glsa/202003-16","https://ubuntu.com/security/notices/USN-4205-1","https://usn.ubuntu.com/4205-1/","https://www.debian.org/security/2019/dsa-4500"],"PublishedDate":"2019-06-27T17:15:00Z","LastModifiedDate":"2020-08-24T17:37:00Z"},{"VulnerabilityID":"CVE-2019-13750","PkgName":"sqlite-libs","InstalledVersion":"3.26.0-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-13750","Title":"sqlite: dropping of shadow tables not restricted in defensive mode","Description":"Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML 
page.","Severity":"MEDIUM","CweIDs":["CWE-20"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","V2Score":4.3e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","V3Score":6.5e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025464","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13750","https://lists.fedoraproject.org/archives/list/[email protected]/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/[email protected]/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://ubuntu.com/security/notices/USN-4298-1","https://ubuntu.com/security/notices/USN-4298-2","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606"],"PublishedDate":"2019-12-10T22:15:00Z","LastModifiedDate":"2020-08-06T19:15:00Z"},{"VulnerabilityID":"CVE-2019-13751","PkgName":"sqlite-libs","InstalledVersion":"3.26.0-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-13751","Title":"sqlite: fts3: improve detection of corrupted records","Description":"Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML 
page.","Severity":"MEDIUM","CweIDs":["CWE-908"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","V2Score":4.3e0,"V3Score":6.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","V3Score":6.5e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025465","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751","https://lists.fedoraproject.org/archives/list/[email protected]/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/[email protected]/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://ubuntu.com/security/notices/USN-4298-1","https://ubuntu.com/security/notices/USN-4298-2","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606"],"PublishedDate":"2019-12-10T22:15:00Z","LastModifiedDate":"2020-08-24T17:37:00Z"},{"VulnerabilityID":"CVE-2019-19603","PkgName":"sqlite-libs","InstalledVersion":"3.26.0-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-19603","Title":"sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS","Description":"SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application 
crash.","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603","https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E","https://security.netapp.com/advisory/ntap-20191223-0001/","https://ubuntu.com/security/notices/USN-4394-1","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.sqlite.org/"],"PublishedDate":"2019-12-09T19:15:00Z","LastModifiedDate":"2021-06-18T15:15:00Z"},{"VulnerabilityID":"CVE-2020-13435","PkgName":"sqlite-libs","InstalledVersion":"3.26.0-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2020-13435","Title":"sqlite: NULL pointer dereference leads to segmentation fault in sqlite3ExprCodeTarget in expr.c","Description":"SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.","Severity":"MEDIUM","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":2.1e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13435","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/","https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc","https://security.gentoo.org/glsa/202007-26","https://security.netapp.com/advisory/ntap-20200528-0004/","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","https://ubuntu.com/security/notices/USN-4394-1","https://usn.ubuntu.com/4394-1/","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.sqlite.org/src/info/7a5279a25c57adf1"],"PublishedDate":"2020-05-24T22:15:00Z","LastModifiedDate":"2021-06-14T18:15:00Z"},{"VulnerabilityID":"CVE-2019-19244","PkgName":"sqlite-libs","InstalledVersion":"3.26.0-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-19244","Title":"sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage","Description":"sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY 
usage.","Severity":"LOW","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V3Score":7.5e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244","https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348","https://ubuntu.com/security/notices/USN-4205-1","https://usn.ubuntu.com/4205-1/","https://www.oracle.com/security-alerts/cpuapr2020.html"],"PublishedDate":"2019-11-25T20:15:00Z","LastModifiedDate":"2020-08-24T17:37:00Z"},{"VulnerabilityID":"CVE-2019-9936","PkgName":"sqlite-libs","InstalledVersion":"3.26.0-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-9936","Title":"sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c","Description":"In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. 
This is related to ext/fts5/fts5_hash.c.","Severity":"LOW","CweIDs":["CWE-125"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html","http://www.securityfocus.com/bid/107562","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9936","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/","https://lists.fedoraproject.org/archives/list/[email protected]/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/","https://security.gentoo.org/glsa/201908-09","https://security.netapp.com/advisory/ntap-20190416-0005/","https://sqlite.org/src/info/b3fa58dd7403dbd4","https://ubuntu.com/security/notices/USN-4019-1","https://usn.ubuntu.com/4019-1/","https://www.mail-archive.com/[email protected]/msg114382.html","https://www.mail-archive.com/[email protected]/msg114394.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"],"PublishedDate":"2019-03-22T08:29:00Z","LastModifiedDate":"2020-08-23T01:15:00Z"},{"VulnerabilityID":"CVE-2019-9937","PkgName":"sqlite-libs","InstalledVersion":"3.26.0-13.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-9937","Title":"sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c","Description":"In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. 
This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00026.html","http://www.securityfocus.com/bid/107562","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9937","https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/EXD2GYJVTDGEQPUNMMMC5TB7MQXOBBMO/","https://lists.fedoraproject.org/archives/list/[email protected]/message/N66U5PY5UJU4XBFZJH7QNKIDNAVIB4OP/","https://security.gentoo.org/glsa/201908-09","https://security.netapp.com/advisory/ntap-20190416-0005/","https://sqlite.org/src/info/45c73deb440496e8","https://ubuntu.com/security/notices/USN-4019-1","https://usn.ubuntu.com/4019-1/","https://www.mail-archive.com/[email protected]/msg114383.html","https://www.mail-archive.com/[email protected]/msg114393.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"],"PublishedDate":"2019-03-22T08:29:00Z","LastModifiedDate":"2020-08-23T01:15:00Z"},{"VulnerabilityID":"CVE-2021-40153","PkgName":"squashfs-tools","InstalledVersion":"4.3-20.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-40153","Title":"squashfs-tools: unvalidated filepaths allow writing outside of destination","Description":"squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. 
The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.","Severity":"MEDIUM","CweIDs":["CWE-22"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","V2Score":5.8e0,"V3Score":8.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","V3Score":8.1e0}},"References":["https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40153","https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646","https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646 (4.5)","https://github.com/plougher/squashfs-tools/issues/72","https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/","https://ubuntu.com/security/notices/USN-5057-1","https://ubuntu.com/security/notices/USN-5078-2","https://www.debian.org/security/2021/dsa-4967"],"PublishedDate":"2021-08-27T15:15:00Z","LastModifiedDate":"2021-09-07T19:40:00Z"},{"VulnerabilityID":"CVE-2021-41072","PkgName":"squashfs-tools","InstalledVersion":"4.3-20.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-41072","Title":"squashfs-tools: possible Directory Traversal via symbolic link","Description":"squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. 
A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.","Severity":"MEDIUM","CweIDs":["CWE-59"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:P/A:P","V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","V2Score":5.8e0,"V3Score":8.1e0},"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","V3Score":8.1e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41072","https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd","https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405","https://ubuntu.com/security/notices/USN-5078-1","https://ubuntu.com/security/notices/USN-5078-2"],"PublishedDate":"2021-09-14T01:15:00Z","LastModifiedDate":"2021-09-24T18:39:00Z"},{"VulnerabilityID":"CVE-2021-33910","PkgName":"systemd","InstalledVersion":"239-45.el8","FixedVersion":"239-45.el8_4.2","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-33910","Title":"systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash","Description":"basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system 
crash.","Severity":"HIGH","CweIDs":["CWE-770"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4.9e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html","http://www.openwall.com/lists/oss-security/2021/08/04/2","http://www.openwall.com/lists/oss-security/2021/08/17/3","http://www.openwall.com/lists/oss-security/2021/09/07/3","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33910","https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b","https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce","https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538","https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61","https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b","https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9","https://linux.oracle.com/cve/CVE-2021-33910.html","https://linux.oracle.com/errata/ELSA-2021-2717.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/","https://security.gentoo.org/glsa/202107-48","https://ubuntu.com/security/notices/USN-5013-1","https://ubuntu.com/security/notices/USN-5013-2","https://www.debian.org/security/2021/dsa-4942","https://www.openwall.com/lists/oss-security/2021/07/20/2","https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt"],"PublishedDate":"2021-07-20T19:15:00Z","LastModifiedDate":"2021-09-21T16:28:00Z"},{"VulnerabilityID":"CVE-2018-20839","PkgName":"systemd","InstalledVersion":"239-45.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20839","Title":"systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker","Description":"systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.","Severity":"MEDIUM","CweIDs":["CWE-200"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":5,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","V3Score":6.4e0}},"References":["http://www.securityfocus.com/bid/108389","https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993","https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f","https://github.com/systemd/systemd/pull/12378","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","https://security.netapp.com/advisory/ntap-20190530-0002/"],"PublishedDate":"2019-05-17T04:29:00Z","LastModifiedDate":"2021-02-25T17:15:00Z"},{"VulnerabilityID":"CVE-2021-33910","PkgName":"systemd-libs","InstalledVersion":"239-45.el8","FixedVersion":"239-45.el8_4.2","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-33910","Title":"systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash","Description":"basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system 
crash.","Severity":"HIGH","CweIDs":["CWE-770"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4.9e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html","http://www.openwall.com/lists/oss-security/2021/08/04/2","http://www.openwall.com/lists/oss-security/2021/08/17/3","http://www.openwall.com/lists/oss-security/2021/09/07/3","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33910","https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b","https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce","https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538","https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61","https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b","https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9","https://linux.oracle.com/cve/CVE-2021-33910.html","https://linux.oracle.com/errata/ELSA-2021-2717.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/","https://security.gentoo.org/glsa/202107-48","https://ubuntu.com/security/notices/USN-5013-1","https://ubuntu.com/security/notices/USN-5013-2","https://www.debian.org/security/2021/dsa-4942","https://www.openwall.com/lists/oss-security/2021/07/20/2","https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt"],"PublishedDate":"2021-07-20T19:15:00Z","LastModifiedDate":"2021-09-21T16:28:00Z"},{"VulnerabilityID":"CVE-2018-20839","PkgName":"systemd-libs","InstalledVersion":"239-45.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20839","Title":"systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker","Description":"systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.","Severity":"MEDIUM","CweIDs":["CWE-200"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":5,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","V3Score":6.4e0}},"References":["http://www.securityfocus.com/bid/108389","https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993","https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f","https://github.com/systemd/systemd/pull/12378","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","https://security.netapp.com/advisory/ntap-20190530-0002/"],"PublishedDate":"2019-05-17T04:29:00Z","LastModifiedDate":"2021-02-25T17:15:00Z"},{"VulnerabilityID":"CVE-2021-33910","PkgName":"systemd-pam","InstalledVersion":"239-45.el8","FixedVersion":"239-45.el8_4.2","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-33910","Title":"systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash","Description":"basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system 
crash.","Severity":"HIGH","CweIDs":["CWE-770"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4.9e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html","http://www.openwall.com/lists/oss-security/2021/08/04/2","http://www.openwall.com/lists/oss-security/2021/08/17/3","http://www.openwall.com/lists/oss-security/2021/09/07/3","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33910","https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b","https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce","https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538","https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61","https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b","https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9","https://linux.oracle.com/cve/CVE-2021-33910.html","https://linux.oracle.com/errata/ELSA-2021-2717.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/","https://security.gentoo.org/glsa/202107-48","https://ubuntu.com/security/notices/USN-5013-1","https://ubuntu.com/security/notices/USN-5013-2","https://www.debian.org/security/2021/dsa-4942","https://www.openwall.com/lists/oss-security/2021/07/20/2","https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt"],"PublishedDate":"2021-07-20T19:15:00Z","LastModifiedDate":"2021-09-21T16:28:00Z"},{"VulnerabilityID":"CVE-2018-20839","PkgName":"systemd-pam","InstalledVersion":"239-45.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20839","Title":"systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker","Description":"systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.","Severity":"MEDIUM","CweIDs":["CWE-200"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":5,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","V3Score":6.4e0}},"References":["http://www.securityfocus.com/bid/108389","https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993","https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f","https://github.com/systemd/systemd/pull/12378","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","https://security.netapp.com/advisory/ntap-20190530-0002/"],"PublishedDate":"2019-05-17T04:29:00Z","LastModifiedDate":"2021-02-25T17:15:00Z"},{"VulnerabilityID":"CVE-2021-33910","PkgName":"systemd-udev","InstalledVersion":"239-45.el8","FixedVersion":"239-45.el8_4.2","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-33910","Title":"systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash","Description":"basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system 
crash.","Severity":"HIGH","CweIDs":["CWE-770"],"CVSS":{"nvd":{"V2Vector":"AV:L/AC:L/Au:N/C:N/I:N/A:C","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V2Score":4.9e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","V3Score":5.5e0}},"References":["http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html","http://www.openwall.com/lists/oss-security/2021/08/04/2","http://www.openwall.com/lists/oss-security/2021/08/17/3","http://www.openwall.com/lists/oss-security/2021/09/07/3","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33910","https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b","https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce","https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538","https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61","https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b","https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9","https://linux.oracle.com/cve/CVE-2021-33910.html","https://linux.oracle.com/errata/ELSA-2021-2717.html","https://lists.fedoraproject.org/archives/list/[email protected]/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/","https://lists.fedoraproject.org/archives/list/[email 
protected]/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/","https://security.gentoo.org/glsa/202107-48","https://ubuntu.com/security/notices/USN-5013-1","https://ubuntu.com/security/notices/USN-5013-2","https://www.debian.org/security/2021/dsa-4942","https://www.openwall.com/lists/oss-security/2021/07/20/2","https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt"],"PublishedDate":"2021-07-20T19:15:00Z","LastModifiedDate":"2021-09-21T16:28:00Z"},{"VulnerabilityID":"CVE-2018-20839","PkgName":"systemd-udev","InstalledVersion":"239-45.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20839","Title":"systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker","Description":"systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.","Severity":"MEDIUM","CweIDs":["CWE-200"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","V2Score":5,"V3Score":9.8e0},"redhat":{"V3Vector":"CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","V3Score":6.4e0}},"References":["http://www.securityfocus.com/bid/108389","https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993","https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f","https://github.com/systemd/systemd/pull/12378","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","https://security.netapp.com/advisory/ntap-20190530-0002/"],"PublishedDate":"2019-05-17T04:29:00Z","LastModifiedDate":"2021-02-25T17:15:00Z"},{"VulnerabilityID":"CVE-2005-2541","PkgName":"tar","InstalledVersion":"2:1.30-5.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2005-2541","Title":"tar: does not properly warn the user when extracting setuid or setgid files","Description":"Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain 
privileges.","Severity":"MEDIUM","CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","V2Score":10},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","V3Score":7}},"References":["http://marc.info/?l=bugtraq&m=112327628230258&w=2","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E"],"PublishedDate":"2005-08-10T04:00:00Z","LastModifiedDate":"2021-06-18T15:15:00Z"},{"VulnerabilityID":"CVE-2021-20193","PkgName":"tar","InstalledVersion":"2:1.30-5.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-20193","Title":"tar: Memory leak in read_header() in list.c","Description":"A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system 
availability.","Severity":"MEDIUM","CweIDs":["CWE-125","CWE-401","CWE-125","CWE-401"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","V2Score":4.3e0,"V3Score":5.5e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["https://bugzilla.redhat.com/show_bug.cgi?id=1917565","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193","https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777","https://savannah.gnu.org/bugs/?59897","https://security.gentoo.org/glsa/202105-29"],"PublishedDate":"2021-03-26T17:15:00Z","LastModifiedDate":"2021-06-03T18:53:00Z"},{"VulnerabilityID":"CVE-2019-9923","PkgName":"tar","InstalledVersion":"2:1.30-5.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2019-9923","Title":"tar: null-pointer dereference in pax_decode_header in sparse.c","Description":"pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended 
headers.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","V3Score":3.3e0}},"References":["http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html","http://savannah.gnu.org/bugs/?55369","https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241","https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","https://ubuntu.com/security/notices/USN-4692-1"],"PublishedDate":"2019-03-22T08:29:00Z","LastModifiedDate":"2021-06-29T15:15:00Z"},{"VulnerabilityID":"CVE-2021-3778","PkgName":"vim-minimal","InstalledVersion":"2:8.0.1763-15.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3778","Title":"vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c","Description":"vim is vulnerable to Heap-based Buffer 
Overflow","Severity":"MEDIUM","CweIDs":["CWE-787"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V2Score":6.8e0,"V3Score":7.8e0},"redhat":{"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","V3Score":7.8e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3778","https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f","https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273"],"PublishedDate":"2021-09-15T08:15:00Z","LastModifiedDate":"2021-09-24T19:23:00Z"},{"VulnerabilityID":"CVE-2021-3796","PkgName":"vim-minimal","InstalledVersion":"2:8.0.1763-15.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2021-3796","Title":"vim: use-after-free in nv_replace() in normal.c","Description":"vim is vulnerable to Use After Free","Severity":"MEDIUM","CVSS":{"redhat":{"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L","V3Score":8.2e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3796","https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3","https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d"],"PublishedDate":"2021-09-15T13:15:00Z","LastModifiedDate":"2021-09-15T15:35:00Z"},{"VulnerabilityID":"CVE-2018-20786","PkgName":"vim-minimal","InstalledVersion":"2:8.0.1763-15.el8","Layer":{"DiffID":"sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59"},"SeveritySource":"redhat","PrimaryURL":"https://avd.aquasec.com/nvd/cve-2018-20786","Title":"libvterm: NULL pointer dereference in vterm_screen_set_callbacks","Description":"libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and 
vterm.c.","Severity":"LOW","CweIDs":["CWE-476"],"CVSS":{"nvd":{"V2Vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","V2Score":5,"V3Score":7.5e0},"redhat":{"V3Vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","V3Score":5.3e0}},"References":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20786","https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8","https://github.com/vim/vim/issues/3711","https://ubuntu.com/security/notices/USN-4309-1","https://usn.ubuntu.com/4309-1/"],"PublishedDate":"2019-02-24T14:29:00Z","LastModifiedDate":"2020-03-30T20:15:00Z"}]}]}