SB2022011902 - Multiple vulnerabilities in MySQL Cluster
Published: January 19, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 44 vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2022-21357)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
2) Improper input validation (CVE-ID: CVE-2022-21355)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
3) Improper input validation (CVE-ID: CVE-2022-21333)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
4) Improper input validation (CVE-ID: CVE-2022-21331)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
5) Improper input validation (CVE-ID: CVE-2022-21325)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
6) Improper input validation (CVE-ID: CVE-2022-21324)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
7) Improper input validation (CVE-ID: CVE-2022-21323)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
8) Improper input validation (CVE-ID: CVE-2022-21321)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
9) Improper input validation (CVE-ID: CVE-2022-21319)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
10) Improper input validation (CVE-ID: CVE-2022-21317)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
11) Improper input validation (CVE-ID: CVE-2022-21313)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
12) Improper input validation (CVE-ID: CVE-2022-21312)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
13) Improper input validation (CVE-ID: CVE-2022-21311)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
14) Improper input validation (CVE-ID: CVE-2022-21380)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
15) Improper input validation (CVE-ID: CVE-2022-21356)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
16) Improper input validation (CVE-ID: CVE-2022-21337)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
17) Improper input validation (CVE-ID: CVE-2022-21336)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
18) Improper input validation (CVE-ID: CVE-2022-21335)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
19) Improper input validation (CVE-ID: CVE-2022-21334)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
20) Improper input validation (CVE-ID: CVE-2022-21332)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
21) Improper input validation (CVE-ID: CVE-2022-21330)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
22) Improper input validation (CVE-ID: CVE-2022-21329)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
23) Improper input validation (CVE-ID: CVE-2022-21328)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
24) Improper input validation (CVE-ID: CVE-2022-21327)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
25) Improper input validation (CVE-ID: CVE-2022-21326)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
26) Improper input validation (CVE-ID: CVE-2022-21322)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
27) Improper input validation (CVE-ID: CVE-2022-21320)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
28) Improper input validation (CVE-ID: CVE-2022-21318)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A local privileged user can exploit this vulnerability to execute arbitrary code.
29) Improper input validation (CVE-ID: CVE-2022-21316)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A local privileged user can exploit this vulnerability to execute arbitrary code.
30) Improper input validation (CVE-ID: CVE-2022-21315)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
31) Improper input validation (CVE-ID: CVE-2022-21314)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
32) Improper input validation (CVE-ID: CVE-2022-21310)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
33) Improper input validation (CVE-ID: CVE-2022-21309)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
34) Improper input validation (CVE-ID: CVE-2022-21308)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
35) Improper input validation (CVE-ID: CVE-2022-21307)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
36) Improper input validation (CVE-ID: CVE-2022-21290)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
37) Improper input validation (CVE-ID: CVE-2022-21289)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
38) Improper input validation (CVE-ID: CVE-2022-21288)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
39) Improper input validation (CVE-ID: CVE-2022-21287)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
40) Improper input validation (CVE-ID: CVE-2022-21286)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
41) Improper input validation (CVE-ID: CVE-2022-21285)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
42) Improper input validation (CVE-ID: CVE-2022-21284)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
43) Improper input validation (CVE-ID: CVE-2022-21280)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
44) Improper input validation (CVE-ID: CVE-2022-21279)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
Remediation
Install update from vendor's website.