Red Hat Software Collections update for rh-mysql80-mysql



Published: 2022-09-14
Risk Medium
Patch available YES
Number of vulnerabilities 114
CVE-ID CVE-2022-21415
CVE-2022-21444
CVE-2022-21440
CVE-2022-21438
CVE-2022-21437
CVE-2022-21436
CVE-2022-21435
CVE-2022-21427
CVE-2022-21425
CVE-2022-21423
CVE-2022-21418
CVE-2022-21417
CVE-2022-21414
CVE-2022-21452
CVE-2022-21413
CVE-2022-21412
CVE-2022-21379
CVE-2022-21378
CVE-2022-21374
CVE-2022-21372
CVE-2022-21370
CVE-2022-21368
CVE-2022-21367
CVE-2022-21362
CVE-2022-21358
CVE-2022-21352
CVE-2022-21451
CVE-2022-21454
CVE-2022-21348
CVE-2022-21528
CVE-2022-21569
CVE-2022-21556
CVE-2022-21553
CVE-2022-21547
CVE-2022-21539
CVE-2022-21538
CVE-2022-21537
CVE-2022-21534
CVE-2022-21531
CVE-2022-21530
CVE-2022-21529
CVE-2022-21527
CVE-2022-21455
CVE-2022-21526
CVE-2022-21525
CVE-2022-21522
CVE-2022-21517
CVE-2022-21515
CVE-2022-21509
CVE-2022-21479
CVE-2022-21478
CVE-2022-21462
CVE-2022-21460
CVE-2022-21459
CVE-2022-21457
CVE-2022-21351
CVE-2022-21344
CVE-2021-2478
CVE-2021-35612
CVE-2021-35633
CVE-2021-35632
CVE-2021-35631
CVE-2021-35630
CVE-2021-35628
CVE-2021-35627
CVE-2021-35626
CVE-2021-35625
CVE-2021-35624
CVE-2021-35623
CVE-2021-35622
CVE-2021-35610
CVE-2021-35635
CVE-2021-35608
CVE-2021-35607
CVE-2021-35604
CVE-2021-35602
CVE-2021-35597
CVE-2021-35596
CVE-2021-35591
CVE-2021-35577
CVE-2021-35575
CVE-2021-35546
CVE-2021-2481
CVE-2021-2479
CVE-2021-35634
CVE-2021-35636
CVE-2022-21342
CVE-2022-21253
CVE-2022-21339
CVE-2022-21304
CVE-2022-21303
CVE-2022-21302
CVE-2022-21301
CVE-2022-21297
CVE-2022-21278
CVE-2022-21270
CVE-2022-21265
CVE-2022-21264
CVE-2022-21256
CVE-2022-21254
CVE-2022-21249
CVE-2021-35637
CVE-2022-21245
CVE-2021-35648
CVE-2021-35647
CVE-2021-35646
CVE-2021-35645
CVE-2021-35644
CVE-2021-35643
CVE-2021-35642
CVE-2021-35641
CVE-2021-35640
CVE-2021-35639
CVE-2021-35638
CWE-ID CWE-20
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
rh-mysql80-mysql (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 114 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU62427

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21415

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU62429

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21444

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU62411

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21440

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU62424

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21438

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU62423

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21437

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU62422

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21436

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU62421

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21435

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU62418

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21427

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU62410

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21425

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU62434

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21423

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU62415

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21418

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU62416

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21417

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU62420

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21414

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU62425

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21452

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU62417

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21413

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU62419

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21412

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU59779

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21379

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU59773

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21378

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU59781

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21374

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU59808

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21372

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU59787

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21370

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU59791

Risk: Medium

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21368

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU59771

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21367

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Compiling component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU59780

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21362

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU59738

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21358

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU59770

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21352

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU62428

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21451

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU62404

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21454

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU59776

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21348

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU65509

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21528

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU65505

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21569

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper input validation

EUVDB-ID: #VU65504

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21556

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU65520

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21553

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU65514

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21547

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper input validation

EUVDB-ID: #VU65511

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21539

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU65526

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21538

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU65513

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21537

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper input validation

EUVDB-ID: #VU65523

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21534

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU65519

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21531

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU65518

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21530

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper input validation

EUVDB-ID: #VU65517

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21529

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper input validation

EUVDB-ID: #VU65508

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21527

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper input validation

EUVDB-ID: #VU65522

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21455

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper input validation

EUVDB-ID: #VU65516

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21526

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper input validation

EUVDB-ID: #VU65515

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21525

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper input validation

EUVDB-ID: #VU65524

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21522

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper input validation

EUVDB-ID: #VU65512

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21517

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper input validation

EUVDB-ID: #VU65521

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21515

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper input validation

EUVDB-ID: #VU65510

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21509

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Input validation error

EUVDB-ID: #VU62414

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21479

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Optimizer component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper input validation

EUVDB-ID: #VU62413

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21478

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper input validation

EUVDB-ID: #VU62426

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21462

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper input validation

EUVDB-ID: #VU62430

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21460

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Logging component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper input validation

EUVDB-ID: #VU62412

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21459

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Improper input validation

EUVDB-ID: #VU62409

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21457

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper input validation

EUVDB-ID: #VU59736

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21351

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper input validation

EUVDB-ID: #VU59789

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21344

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper input validation

EUVDB-ID: #VU57516

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2478

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper input validation

EUVDB-ID: #VU57512

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35612

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper input validation

EUVDB-ID: #VU57549

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35633

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Logging component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper input validation

EUVDB-ID: #VU57545

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35632

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Data Dictionary component in MySQL Server. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Improper input validation

EUVDB-ID: #VU57522

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35631

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: GIS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improper input validation

EUVDB-ID: #VU57539

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35630

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper input validation

EUVDB-ID: #VU57525

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35628

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper input validation

EUVDB-ID: #VU57524

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35627

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper input validation

EUVDB-ID: #VU57523

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35626

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper input validation

EUVDB-ID: #VU57550

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35625

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper input validation

EUVDB-ID: #VU57543

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35624

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper input validation

EUVDB-ID: #VU57551

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35623

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Security: Roles component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper input validation

EUVDB-ID: #VU57542

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35622

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper input validation

EUVDB-ID: #VU57500

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35610

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Improper input validation

EUVDB-ID: #VU57529

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35635

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Improper input validation

EUVDB-ID: #VU57513

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35608

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Improper input validation

EUVDB-ID: #VU57502

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35607

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper input validation

EUVDB-ID: #VU57511

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35604

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Improper input validation

EUVDB-ID: #VU57514

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35602

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Improper input validation

EUVDB-ID: #VU57501

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35597

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the C API component in MySQL Client. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Improper input validation

EUVDB-ID: #VU57520

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35596

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Error Handling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper input validation

EUVDB-ID: #VU57519

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35591

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Improper input validation

EUVDB-ID: #VU57515

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35577

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper input validation

EUVDB-ID: #VU57527

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35575

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper input validation

EUVDB-ID: #VU57541

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35546

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper input validation

EUVDB-ID: #VU57503

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2481

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper input validation

EUVDB-ID: #VU57517

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2479

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Improper input validation

EUVDB-ID: #VU57528

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35634

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Improper input validation

EUVDB-ID: #VU57530

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35636

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper input validation

EUVDB-ID: #VU59786

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21342

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Improper input validation

EUVDB-ID: #VU59782

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21253

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Improper input validation

EUVDB-ID: #VU59785

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21339

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Improper input validation

EUVDB-ID: #VU59788

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21304

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Parser component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Improper input validation

EUVDB-ID: #VU59790

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21303

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper input validation

EUVDB-ID: #VU59774

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21302

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Improper input validation

EUVDB-ID: #VU59772

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21301

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Improper input validation

EUVDB-ID: #VU59784

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21297

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Improper input validation

EUVDB-ID: #VU59735

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21278

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Improper input validation

EUVDB-ID: #VU59777

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21270

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Improper input validation

EUVDB-ID: #VU59793

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21265

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Improper input validation

EUVDB-ID: #VU59783

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21264

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Improper input validation

EUVDB-ID: #VU59778

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21256

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Improper input validation

EUVDB-ID: #VU59775

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21254

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Improper input validation

EUVDB-ID: #VU59807

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21249

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Improper input validation

EUVDB-ID: #VU57540

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35637

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Improper input validation

EUVDB-ID: #VU59792

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21245

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Improper input validation

EUVDB-ID: #VU57521

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35648

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Improper input validation

EUVDB-ID: #VU57538

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35647

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Improper input validation

EUVDB-ID: #VU57537

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35646

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Improper input validation

EUVDB-ID: #VU57536

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35645

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Improper input validation

EUVDB-ID: #VU57535

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35644

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Improper input validation

EUVDB-ID: #VU57534

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35643

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Improper input validation

EUVDB-ID: #VU57533

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35642

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper input validation

EUVDB-ID: #VU57532

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35641

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Improper input validation

EUVDB-ID: #VU57548

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35640

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Improper input validation

EUVDB-ID: #VU57544

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35639

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Improper input validation

EUVDB-ID: #VU57531

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35638

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

rh-mysql80-mysql (Red Hat package): 8.0.17-1.el7 - 8.0.26-1.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6518


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###