Ubuntu update for mysql-5.7
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 23 |
| CVE-ID | CVE-2022-21412 CVE-2022-21413 CVE-2022-21414 CVE-2022-21415 CVE-2022-21417 CVE-2022-21418 CVE-2022-21423 CVE-2022-21425 CVE-2022-21427 CVE-2022-21435 CVE-2022-21436 CVE-2022-21437 CVE-2022-21438 CVE-2022-21440 CVE-2022-21444 CVE-2022-21451 CVE-2022-21452 CVE-2022-21454 CVE-2022-21457 CVE-2022-21459 CVE-2022-21460 CVE-2022-21462 CVE-2022-21478 |
| CWE-ID | CWE-20 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system mysql-server-8.0 (Ubuntu package) Operating systems & Components / Operating system package or component mysql-server-5.7 (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU62419
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21412
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU62417
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21413
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU62420
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21414
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU62427
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21415
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU62416
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21417
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper input validation
EUVDB-ID: #VU62415
Risk: Medium
CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21418
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper input validation
EUVDB-ID: #VU62434
Risk: Low
CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21423
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform service disruption.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper input validation
EUVDB-ID: #VU62410
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21425
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper input validation
EUVDB-ID: #VU62418
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21427
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper input validation
EUVDB-ID: #VU62421
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21435
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU62422
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21436
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper input validation
EUVDB-ID: #VU62423
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21437
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper input validation
EUVDB-ID: #VU62424
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21438
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper input validation
EUVDB-ID: #VU62411
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21440
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper input validation
EUVDB-ID: #VU62429
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21444
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper input validation
EUVDB-ID: #VU62428
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21451
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper input validation
EUVDB-ID: #VU62425
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21452
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper input validation
EUVDB-ID: #VU62404
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21454
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper input validation
EUVDB-ID: #VU62409
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21457
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper input validation
EUVDB-ID: #VU62412
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21459
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper input validation
EUVDB-ID: #VU62430
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21460
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Server: Logging component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper input validation
EUVDB-ID: #VU62426
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21462
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper input validation
EUVDB-ID: #VU62413
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21478
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationUpdate the affected package mysql-5.7 to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
mysql-server-8.0 (Ubuntu package): before 8.0.29-0ubuntu0.22.04.1
mysql-server-5.7 (Ubuntu package): before 5.7.38-0ubuntu0.18.04.1
External linkshttp://ubuntu.com/security/notices/USN-5400-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
