Ubuntu update for mysql-5.7
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 26 |
| CVE-ID | CVE-2022-21245 CVE-2022-21249 CVE-2022-21253 CVE-2022-21254 CVE-2022-21256 CVE-2022-21264 CVE-2022-21265 CVE-2022-21270 CVE-2022-21301 CVE-2022-21302 CVE-2022-21303 CVE-2022-21304 CVE-2022-21339 CVE-2022-21342 CVE-2022-21344 CVE-2022-21348 CVE-2022-21351 CVE-2022-21358 CVE-2022-21362 CVE-2022-21367 CVE-2022-21368 CVE-2022-21370 CVE-2022-21372 CVE-2022-21374 CVE-2022-21378 CVE-2022-21379 |
| CWE-ID | CWE-20 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system mysql-server-8.0 (Ubuntu package) Operating systems & Components / Operating system package or component mysql-server-5.7 (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 26 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU59792
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21245
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to manipulate data.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to manipulate data.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU59807
Risk: Low
CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21249
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform service disruption.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU59782
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21253
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU59775
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21254
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU59778
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21256
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper input validation
EUVDB-ID: #VU59783
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21264
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper input validation
EUVDB-ID: #VU59793
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to manipulate or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate or delete data.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper input validation
EUVDB-ID: #VU59777
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21270
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper input validation
EUVDB-ID: #VU59772
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21301
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper input validation
EUVDB-ID: #VU59774
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21302
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU59790
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21303
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper input validation
EUVDB-ID: #VU59788
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21304
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Parser component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper input validation
EUVDB-ID: #VU59785
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21339
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper input validation
EUVDB-ID: #VU59786
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21342
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper input validation
EUVDB-ID: #VU59789
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21344
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper input validation
EUVDB-ID: #VU59776
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21348
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper input validation
EUVDB-ID: #VU59736
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21351
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to damange or delete data.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper input validation
EUVDB-ID: #VU59738
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21358
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper input validation
EUVDB-ID: #VU59780
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21362
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper input validation
EUVDB-ID: #VU59771
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21367
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Compiling component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper input validation
EUVDB-ID: #VU59791
Risk: Medium
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21368
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to read and manipulate data.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper input validation
EUVDB-ID: #VU59787
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21370
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper input validation
EUVDB-ID: #VU59808
Risk: Low
CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21372
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform service disruption.
The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper input validation
EUVDB-ID: #VU59781
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21374
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper input validation
EUVDB-ID: #VU59773
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21378
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper input validation
EUVDB-ID: #VU59779
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21379
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
mysql-server-8.0 (Ubuntu package): before 8.0.28-0ubuntu0.21.10.3
mysql-server-5.7 (Ubuntu package): before 5.7.37-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5270-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
