Red Hat Software Collections update for rh-mysql80-mysql



Published: 2021-10-13
Risk Medium
Patch available YES
Number of vulnerabilities 139
CVE-ID CVE-2021-2164
CVE-2021-2372
CVE-2021-2213
CVE-2021-2203
CVE-2021-2305
CVE-2021-2002
CVE-2020-14873
CVE-2020-14866
CVE-2020-14777
CVE-2021-2028
CVE-2021-2056
CVE-2021-2278
CVE-2020-14870
CVE-2020-14821
CVE-2021-2441
CVE-2021-2440
CVE-2020-14809
CVE-2021-2300
CVE-2021-2370
CVE-2021-2424
CVE-2021-2444
CVE-2020-14838
CVE-2020-14891
CVE-2021-2422
CVE-2021-2427
CVE-2021-2399
CVE-2021-2293
CVE-2020-14791
CVE-2021-2061
CVE-2021-2010
CVE-2021-2046
CVE-2021-2058
CVE-2021-2425
CVE-2021-2215
CVE-2020-14888
CVE-2021-2174
CVE-2020-14786
CVE-2021-2217
CVE-2021-2230
CVE-2021-2226
CVE-2021-2212
CVE-2020-14837
CVE-2020-14828
CVE-2020-14848
CVE-2020-14804
CVE-2020-14794
CVE-2020-14790
CVE-2021-2354
CVE-2020-14800
CVE-2021-2179
CVE-2021-2178
CVE-2021-2389
CVE-2020-14775
CVE-2021-2076
CVE-2021-2031
CVE-2020-14785
CVE-2021-2374
CVE-2021-2390
CVE-2021-2429
CVE-2021-2048
CVE-2020-14861
CVE-2021-2032
CVE-2021-2169
CVE-2020-14773
CVE-2020-14836
CVE-2021-2367
CVE-2021-2307
CVE-2020-14765
CVE-2021-2356
CVE-2020-14845
CVE-2021-2022
CVE-2021-2385
CVE-2021-2065
CVE-2021-2060
CVE-2021-2030
CVE-2021-2038
CVE-2021-2202
CVE-2020-14868
CVE-2021-2301
CVE-2021-2208
CVE-2021-2166
CVE-2021-2146
CVE-2021-2172
CVE-2021-2070
CVE-2021-2001
CVE-2021-2410
CVE-2020-14672
CVE-2021-2412
CVE-2021-2299
CVE-2021-2088
CVE-2021-2072
CVE-2021-2055
CVE-2021-2417
CVE-2021-2426
CVE-2021-2232
CVE-2020-14844
CVE-2021-2021
CVE-2021-2339
CVE-2021-2340
CVE-2021-2383
CVE-2021-2193
CVE-2021-2298
CVE-2021-2308
CVE-2021-2418
CVE-2020-14814
CVE-2021-2081
CVE-2021-2194
CVE-2021-2437
CVE-2020-14769
CVE-2020-14793
CVE-2021-2024
CVE-2020-14830
CVE-2021-2011
CVE-2021-2201
CVE-2021-2304
CVE-2021-2402
CVE-2020-14852
CVE-2020-14776
CVE-2020-14829
CVE-2020-14846
CVE-2020-14839
CVE-2021-2122
CVE-2021-2042
CVE-2020-14867
CVE-2021-2342
CVE-2020-14789
CVE-2021-2087
CVE-2021-2352
CVE-2021-2180
CVE-2021-2170
CVE-2021-2357
CVE-2021-2384
CVE-2021-2036
CVE-2020-14893
CVE-2021-2387
CVE-2020-14860
CVE-2021-2196
CVE-2021-2171
CVE-2020-14812
CWE-ID CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
rh-mysql80-mysql (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat Software Collections
Universal components / Libraries / Software for developers

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 139 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU52403

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2164

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU55091

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2372

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU52409

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2213

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU52407

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2203

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU52399

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2305

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU49823

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2002

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU47827

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14873

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Logging component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU47813

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14866

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU47804

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14777

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU49808

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2028

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU49831

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2056

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU52410

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2278

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU47824

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14870

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: X Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU47795

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14821

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU55088

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2441

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU55071

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2440

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU47808

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14809

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU52398

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2300

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU55070

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2370

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU55090

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2424

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU55081

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2444

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU47828

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14838

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU47816

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14891

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU55089

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2422

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU55086

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2427

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU55069

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2399

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU52418

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2293

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU47830

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14791

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU49830

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2061

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU49835

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2010

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to manipulate or delete data.

The vulnerability exists due to improper input validation within the C API component in MySQL Client. A remote authenticated user can exploit this vulnerability to manipulate or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU49802

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2046

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to a crash the entire system.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to a crash the entire system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper input validation

EUVDB-ID: #VU49810

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2058

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Locking component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU55084

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2425

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU52416

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2215

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper input validation

EUVDB-ID: #VU47815

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14888

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU52419

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2174

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU47818

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14786

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper input validation

EUVDB-ID: #VU52417

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2217

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU52412

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2230

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU52401

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2226

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper input validation

EUVDB-ID: #VU52408

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2212

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper input validation

EUVDB-ID: #VU47809

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14837

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper input validation

EUVDB-ID: #VU47784

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14828

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper input validation

EUVDB-ID: #VU47797

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14848

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper input validation

EUVDB-ID: #VU47801

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14804

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper input validation

EUVDB-ID: #VU47807

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14794

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper input validation

EUVDB-ID: #VU47819

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14790

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper input validation

EUVDB-ID: #VU55072

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2354

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper input validation

EUVDB-ID: #VU47791

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14800

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper input validation

EUVDB-ID: #VU52400

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2179

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper input validation

EUVDB-ID: #VU52389

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2178

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper input validation

EUVDB-ID: #VU55062

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2389

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper input validation

EUVDB-ID: #VU47785

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14775

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper input validation

EUVDB-ID: #VU49820

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2076

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Improper input validation

EUVDB-ID: #VU49815

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2031

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper input validation

EUVDB-ID: #VU47805

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14785

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper input validation

EUVDB-ID: #VU55092

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2374

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A local privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper input validation

EUVDB-ID: #VU55063

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2390

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper input validation

EUVDB-ID: #VU55064

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2429

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper input validation

EUVDB-ID: #VU49807

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2048

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper input validation

EUVDB-ID: #VU47812

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14861

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Improper input validation

EUVDB-ID: #VU49834

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2032

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Information Schema component in MySQL Server. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improper input validation

EUVDB-ID: #VU52404

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2169

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper input validation

EUVDB-ID: #VU47803

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14773

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper input validation

EUVDB-ID: #VU47789

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14836

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper input validation

EUVDB-ID: #VU55076

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2367

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper input validation

EUVDB-ID: #VU52391

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2307

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Server: Packaging component in MySQL Server. A local non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper input validation

EUVDB-ID: #VU47786

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14765

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper input validation

EUVDB-ID: #VU55065

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2356

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote authenticated user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper input validation

EUVDB-ID: #VU47811

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14845

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper input validation

EUVDB-ID: #VU49828

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2022

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Improper input validation

EUVDB-ID: #VU55066

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2385

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Improper input validation

EUVDB-ID: #VU49821

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2065

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Improper input validation

EUVDB-ID: #VU49818

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2060

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper input validation

EUVDB-ID: #VU49814

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2030

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Improper input validation

EUVDB-ID: #VU49829

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2038

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Improper input validation

EUVDB-ID: #VU52390

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2202

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Improper input validation

EUVDB-ID: #VU47814

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14868

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper input validation

EUVDB-ID: #VU52422

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2301

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Improper input validation

EUVDB-ID: #VU52415

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2208

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Partition component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper input validation

EUVDB-ID: #VU52396

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2166

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper input validation

EUVDB-ID: #VU52413

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2146

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper input validation

EUVDB-ID: #VU52387

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2172

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper input validation

EUVDB-ID: #VU49819

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2070

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Improper input validation

EUVDB-ID: #VU49811

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2001

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Improper input validation

EUVDB-ID: #VU55082

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2410

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper input validation

EUVDB-ID: #VU47823

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14672

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Improper input validation

EUVDB-ID: #VU55077

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2412

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Improper input validation

EUVDB-ID: #VU52411

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2299

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Improper input validation

EUVDB-ID: #VU49833

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2088

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Improper input validation

EUVDB-ID: #VU49826

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2072

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper input validation

EUVDB-ID: #VU49817

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2055

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Improper input validation

EUVDB-ID: #VU55061

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2417

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Server: GIS component in MySQL Server. A remote privileged user can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Improper input validation

EUVDB-ID: #VU55085

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2426

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Improper input validation

EUVDB-ID: #VU52424

Risk: Low

CVSSv3.1: 1.7 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2232

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A local privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Improper input validation

EUVDB-ID: #VU47820

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14844

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Improper input validation

EUVDB-ID: #VU49813

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2021

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Improper input validation

EUVDB-ID: #VU55067

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2339

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Improper input validation

EUVDB-ID: #VU55094

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2340

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Memcached component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Improper input validation

EUVDB-ID: #VU55078

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2383

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Improper input validation

EUVDB-ID: #VU52406

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2193

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Improper input validation

EUVDB-ID: #VU52388

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2298

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Improper input validation

EUVDB-ID: #VU52423

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2308

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Improper input validation

EUVDB-ID: #VU55083

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2418

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Improper input validation

EUVDB-ID: #VU47799

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14814

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Improper input validation

EUVDB-ID: #VU49827

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2081

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Improper input validation

EUVDB-ID: #VU52394

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2194

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Improper input validation

EUVDB-ID: #VU55087

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2437

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Improper input validation

EUVDB-ID: #VU47787

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14769

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Improper input validation

EUVDB-ID: #VU47806

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14793

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper input validation

EUVDB-ID: #VU49804

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2024

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Improper input validation

EUVDB-ID: #VU47788

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14830

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Improper input validation

EUVDB-ID: #VU49805

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2011

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the C API component in MySQL Client. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Improper input validation

EUVDB-ID: #VU52414

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2201

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Partition component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Improper input validation

EUVDB-ID: #VU52392

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2304

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Improper input validation

EUVDB-ID: #VU55073

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2402

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Locking component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Improper input validation

EUVDB-ID: #VU47798

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14852

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Charsets component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Improper input validation

EUVDB-ID: #VU47794

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14776

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Improper input validation

EUVDB-ID: #VU47796

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14829

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Improper input validation

EUVDB-ID: #VU47790

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14846

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Improper input validation

EUVDB-ID: #VU47810

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14839

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Improper input validation

EUVDB-ID: #VU49809

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2122

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Improper input validation

EUVDB-ID: #VU49839

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2042

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A local privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Improper input validation

EUVDB-ID: #VU47826

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14867

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Improper input validation

EUVDB-ID: #VU55074

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2342

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Improper input validation

EUVDB-ID: #VU47800

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14789

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Improper input validation

EUVDB-ID: #VU49832

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2087

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Improper input validation

EUVDB-ID: #VU55068

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2352

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Improper input validation

EUVDB-ID: #VU52393

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2180

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Improper input validation

EUVDB-ID: #VU52405

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2170

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Improper input validation

EUVDB-ID: #VU55075

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2357

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Improper input validation

EUVDB-ID: #VU55079

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2384

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Improper input validation

EUVDB-ID: #VU49816

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2036

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Improper input validation

EUVDB-ID: #VU47817

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14893

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Improper input validation

EUVDB-ID: #VU55080

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2387

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Improper input validation

EUVDB-ID: #VU47829

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14860

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Roles component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Improper input validation

EUVDB-ID: #VU52397

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2196

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Improper input validation

EUVDB-ID: #VU52420

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2171

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Improper input validation

EUVDB-ID: #VU47802

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14812

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Locking component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7, 8.0.21-1.el7

Red Hat Software Collections: 1 for RHEL 7, 1 for RHEL 7.7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:3811

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###