SB2020082915 - openEuler 20.03 LTS update for mysql-8.0.18-2
Published: August 29, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 64 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2020-14576)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: UDF component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
2) Improper input validation (CVE-ID: CVE-2020-14553)
The vulnerability allows a remote authenticated user to manipulate data.
The vulnerability exists due to improper input validation within the Server: Pluggable Auth component in MySQL Server. A remote authenticated user can exploit this vulnerability to manipulate data.
3) Improper input validation (CVE-ID: CVE-2020-14539)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
4) Improper input validation (CVE-ID: CVE-2020-14540)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
5) Improper input validation (CVE-ID: CVE-2020-14643)
The vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Security: Roles component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
6) Improper input validation (CVE-ID: CVE-2020-14702)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
7) Improper input validation (CVE-ID: CVE-2020-14619)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Parser component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
8) Improper input validation (CVE-ID: CVE-2020-14567)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
9) Improper input validation (CVE-ID: CVE-2020-14575)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
10) Improper input validation (CVE-ID: CVE-2020-14624)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: JSON component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
11) Improper input validation (CVE-ID: CVE-2020-14631)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Audit component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
12) Improper input validation (CVE-ID: CVE-2020-14678)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to execute arbitrary code.
13) Improper input validation (CVE-ID: CVE-2020-14550)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the C API component in MySQL Client. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
14) Improper input validation (CVE-ID: CVE-2020-14559)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.
15) Improper input validation (CVE-ID: CVE-2020-14651)
The vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Security: Roles component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
16) Improper input validation (CVE-ID: CVE-2020-14641)
The vulnerability allows a remote privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Server: Security: Roles component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.
17) Improper input validation (CVE-ID: CVE-2020-14568)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
18) Improper input validation (CVE-ID: CVE-2020-14623)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
19) Improper input validation (CVE-ID: CVE-2020-14591)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Audit Plug-in component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
20) Improper input validation (CVE-ID: CVE-2020-14614)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
21) Improper input validation (CVE-ID: CVE-2020-14680)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
22) Improper input validation (CVE-ID: CVE-2020-14633)
The vulnerability allows a remote privileged user to manipulate data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.
23) Improper input validation (CVE-ID: CVE-2020-14632)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
24) Improper input validation (CVE-ID: CVE-2020-14634)
The vulnerability allows a remote privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.
25) Improper input validation (CVE-ID: CVE-2020-14597)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
26) Improper input validation (CVE-ID: CVE-2020-14697)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to execute arbitrary code.
27) Improper input validation (CVE-ID: CVE-2020-2893)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
28) Improper input validation (CVE-ID: CVE-2020-2763)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
29) Improper input validation (CVE-ID: CVE-2020-2765)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
30) Improper input validation (CVE-ID: CVE-2020-2903)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Connection Handling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
31) Improper input validation (CVE-ID: CVE-2020-2770)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Logging component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
32) Improper input validation (CVE-ID: CVE-2020-2892)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
33) Improper input validation (CVE-ID: CVE-2020-2897)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
34) Improper input validation (CVE-ID: CVE-2020-14547)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
35) Improper input validation (CVE-ID: CVE-2020-14586)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
36) Improper input validation (CVE-ID: CVE-2020-2901)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
37) Improper input validation (CVE-ID: CVE-2020-2686)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
38) Improper input validation (CVE-ID: CVE-2020-2761)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
39) Improper input validation (CVE-ID: CVE-2020-2759)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
40) Improper input validation (CVE-ID: CVE-2020-2895)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
41) Improper input validation (CVE-ID: CVE-2020-2584)
The vulnerability allows a remote privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.
42) Improper input validation (CVE-ID: CVE-2020-2779)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
43) Improper input validation (CVE-ID: CVE-2020-14620)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
44) Improper input validation (CVE-ID: CVE-2020-2780)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
45) Improper input validation (CVE-ID: CVE-2020-14656)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Locking component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
46) Improper input validation (CVE-ID: CVE-2020-2774)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
47) Improper input validation (CVE-ID: CVE-2020-2853)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
48) Improper input validation (CVE-ID: CVE-2020-2921)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
49) Improper input validation (CVE-ID: CVE-2020-2589)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
50) Improper input validation (CVE-ID: CVE-2020-2896)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
51) Improper input validation (CVE-ID: CVE-2020-2925)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
52) Improper input validation (CVE-ID: CVE-2020-2679)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
53) Improper input validation (CVE-ID: CVE-2020-2577)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
54) Improper input validation (CVE-ID: CVE-2020-2762)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
55) Improper input validation (CVE-ID: CVE-2020-2768)
The vulnerability allows a remote authenticated user to damange or delete data.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote authenticated user can exploit this vulnerability to damage or delete data.
56) Improper input validation (CVE-ID: CVE-2020-2814)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
57) Improper input validation (CVE-ID: CVE-2020-14654)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
58) Improper input validation (CVE-ID: CVE-2020-2573)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the C API component in MySQL Client. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.
59) Improper input validation (CVE-ID: CVE-2020-2812)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
60) Improper input validation (CVE-ID: CVE-2020-2923)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
61) Improper input validation (CVE-ID: CVE-2020-2924)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
62) Improper input validation (CVE-ID: CVE-2020-2926)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Group Replication GCS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
63) Improper input validation (CVE-ID: CVE-2020-2804)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Memcached component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.
64) Improper input validation (CVE-ID: CVE-2020-2760)
The vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
Remediation
Install update from vendor's website.