Red Hat Enterprise Linux 9 update for mysql



Risk Medium
Patch available YES
Number of vulnerabilities 44
CVE-ID CVE-2022-21529
CVE-2022-21509
CVE-2022-21515
CVE-2022-21517
CVE-2022-21522
CVE-2022-21525
CVE-2022-21526
CVE-2022-21527
CVE-2022-21528
CVE-2022-21530
CVE-2022-21478
CVE-2022-21531
CVE-2022-21534
CVE-2022-21537
CVE-2022-21538
CVE-2022-21539
CVE-2022-21547
CVE-2022-21553
CVE-2022-21556
CVE-2022-21569
CVE-2022-21479
CVE-2022-21462
CVE-2022-21412
CVE-2022-21436
CVE-2022-21413
CVE-2022-21414
CVE-2022-21415
CVE-2022-21417
CVE-2022-21418
CVE-2022-21423
CVE-2022-21425
CVE-2022-21427
CVE-2022-21435
CVE-2022-21437
CVE-2022-21460
CVE-2022-21438
CVE-2022-21440
CVE-2022-21444
CVE-2022-21451
CVE-2022-21452
CVE-2022-21454
CVE-2022-21455
CVE-2022-21457
CVE-2022-21459
CWE-ID CWE-20
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
Operating systems & Components / Operating system package or component

mysql (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat Enterprise Linux for ARM 64 - Extended Update Support
Operating systems & Components / Operating system

Red Hat Enterprise Linux for ARM 64
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, little endian - Extended Update Support
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, little endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support
Operating systems & Components / Operating system

Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

Red Hat Enterprise Linux for x86_64 - Extended Update Support
Operating systems & Components / Operating system

Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 44 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU65517

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21529

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU65510

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21509

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU65521

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21515

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU65512

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21517

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU65524

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21522

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU65515

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21525

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU65516

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21526

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU65508

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21527

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU65509

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21528

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU65518

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21530

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU62413

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21478

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU65519

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21531

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU65523

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21534

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU65513

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21537

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU65526

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21538

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU65511

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21539

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU65514

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21547

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU65520

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21553

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU65504

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21556

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU65505

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21569

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU62414

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21479

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Optimizer component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU62426

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21462

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU62419

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21412

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU62422

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21436

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU62417

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21413

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU62420

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21414

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU62427

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21415

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU62416

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21417

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU62415

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21418

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU62434

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21423

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU62410

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21425

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper input validation

EUVDB-ID: #VU62418

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21427

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU62421

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21435

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU62423

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21437

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper input validation

EUVDB-ID: #VU62430

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21460

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Logging component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU62424

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21438

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU62411

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21440

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper input validation

EUVDB-ID: #VU62429

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21444

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU62428

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21451

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU62425

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21452

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper input validation

EUVDB-ID: #VU62404

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21454

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper input validation

EUVDB-ID: #VU65522

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21455

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper input validation

EUVDB-ID: #VU62409

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21457

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper input validation

EUVDB-ID: #VU62412

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21459

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 9.0

Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for ARM 64: 9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 9.0

Red Hat Enterprise Linux for Power, little endian: 9

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 9.0

Red Hat Enterprise Linux for IBM z Systems: 9

Red Hat Enterprise Linux for x86_64 - Extended Update Support: 9.0

Red Hat Enterprise Linux for x86_64: 9

mysql (Red Hat package): before 8.0.30-3.el9_0

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6590


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###