pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2dae4da41e
vuln-list-alt/oval/c10f1/ALT-PU-2024-8426/definitions.json
pepelyaevip 3adf3c2fe5 ALT Vulnerability
2024-05-29 15:02:25 +00:00

695 lines
44 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20248426",
"Version": "oval:org.altlinux.errata:def:20248426",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-8426: package `MySQL` update to version 8.0.37-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-8426",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-8426",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-03417",
"RefURL": "https://bdu.fstec.ru/vul/2024-03417",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03418",
"RefURL": "https://bdu.fstec.ru/vul/2024-03418",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03421",
"RefURL": "https://bdu.fstec.ru/vul/2024-03421",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03730",
"RefURL": "https://bdu.fstec.ru/vul/2024-03730",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03731",
"RefURL": "https://bdu.fstec.ru/vul/2024-03731",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03732",
"RefURL": "https://bdu.fstec.ru/vul/2024-03732",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03733",
"RefURL": "https://bdu.fstec.ru/vul/2024-03733",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03734",
"RefURL": "https://bdu.fstec.ru/vul/2024-03734",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03735",
"RefURL": "https://bdu.fstec.ru/vul/2024-03735",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03736",
"RefURL": "https://bdu.fstec.ru/vul/2024-03736",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03737",
"RefURL": "https://bdu.fstec.ru/vul/2024-03737",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03738",
"RefURL": "https://bdu.fstec.ru/vul/2024-03738",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03739",
"RefURL": "https://bdu.fstec.ru/vul/2024-03739",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03740",
"RefURL": "https://bdu.fstec.ru/vul/2024-03740",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03828",
"RefURL": "https://bdu.fstec.ru/vul/2024-03828",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03832",
"RefURL": "https://bdu.fstec.ru/vul/2024-03832",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03834",
"RefURL": "https://bdu.fstec.ru/vul/2024-03834",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04073",
"RefURL": "https://bdu.fstec.ru/vul/2024-04073",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04074",
"RefURL": "https://bdu.fstec.ru/vul/2024-04074",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04075",
"RefURL": "https://bdu.fstec.ru/vul/2024-04075",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04076",
"RefURL": "https://bdu.fstec.ru/vul/2024-04076",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04077",
"RefURL": "https://bdu.fstec.ru/vul/2024-04077",
"Source": "BDU"
},
{
"RefID": "CVE-2024-20993",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20993",
"Source": "CVE"
},
{
"RefID": "CVE-2024-20994",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20994",
"Source": "CVE"
},
{
"RefID": "CVE-2024-20998",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20998",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21000",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21000",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21008",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21008",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21009",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21009",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21013",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21013",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21015",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21015",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21047",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21047",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21049",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21049",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21050",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21050",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21051",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21051",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21052",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21052",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21053",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21053",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21054",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21054",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21055",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21055",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21056",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21056",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21057",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21057",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21060",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21060",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21061",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21061",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21062",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21062",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21069",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21069",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21087",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21087",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21096",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21096",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21102",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21102",
"Source": "CVE"
}
],
"Description": "This update upgrades MySQL to version 8.0.37-alt1. \nSecurity Fix(es):\n\n * BDU:2024-03417: Уязвимость компонента Server: Information Schema системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03418: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03421: Уязвимость компонента Server: Security: Privileges системы управления базами данных Oracle MySQL Server, позволяющая нарушителю получить несанкционированный доступ на чтение, добавление, изменение или удаление защищаемой информации\n\n * BDU:2024-03730: Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03731: Уязвимость компонента Server: DDL системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03732: Уязвимость компонента Server: Data Dictionary системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03733: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03734: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03735: Уязвимость компонента Server: DML системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03736: Уязвимость компонента Server: DML системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03737: Уязвимость компонента Server: DML системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03738: Уязвимость компонента Server: DML системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03739: Уязвимость компонента Server: DML системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03740: Уязвимость компонента Server: DML системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03828: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03832: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-03834: Уязвимость компонента Server: Audit Plug-in системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04073: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04074: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04075: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04076: Уязвимость компонента Server: DML системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04077: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-20993: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20994: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20998: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21000: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).\n\n * CVE-2024-21008: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21009: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21013: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21015: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * CVE-2024-21047: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21049: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21050: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21051: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21052: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21053: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21054: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21055: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21056: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21057: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21060: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21061: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21062: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21069: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21087: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-21096: Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).\n\n * CVE-2024-21102: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-05-29"
},
"Updated": {
"Date": "2024-05-29"
},
"BDUs": [
{
"ID": "BDU:2024-03417",
"CVSS": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03417",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03418",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03418",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03421",
"CVSS": "AV:N/AC:L/Au:M/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-285",
"Href": "https://bdu.fstec.ru/vul/2024-03421",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03730",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03730",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03731",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03731",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03732",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03732",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03733",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03733",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03734",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03734",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03735",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03735",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03736",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03736",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03737",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03737",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03738",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03738",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03739",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03739",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03740",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03740",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03828",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03828",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03832",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03832",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-03834",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-03834",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-04073",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2024-04073",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-04074",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2024-04074",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-04075",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2024-04075",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-04076",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:P/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2024-04076",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "BDU:2024-04077",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2024-04077",
"Impact": "Low",
"Public": "20240416"
}
],
"CVEs": [
{
"ID": "CVE-2024-20993",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20993",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-20994",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20994",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-20998",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20998",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21000",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21000",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21008",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21008",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21009",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21009",
"Impact": "None",
"Public": "20240416"
},
{
"ID": "CVE-2024-21013",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21013",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21015",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21015",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21047",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21047",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21049",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21049",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21050",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21050",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21051",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21051",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21052",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21052",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21053",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21053",
"Impact": "None",
"Public": "20240416"
},
{
"ID": "CVE-2024-21054",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21054",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21055",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21055",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21056",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21056",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21057",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21057",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21060",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21060",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21061",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21061",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21062",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21062",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21069",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21069",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21087",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21087",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21096",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21096",
"Impact": "Low",
"Public": "20240416"
},
{
"ID": "CVE-2024-21102",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21102",
"Impact": "Low",
"Public": "20240416"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20248426001",
"Comment": "MySQL-client is earlier than 0:8.0.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248426002",
"Comment": "MySQL-server is earlier than 0:8.0.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248426003",
"Comment": "MySQL-server-perl is earlier than 0:8.0.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248426004",
"Comment": "libmysqlclient21 is earlier than 0:8.0.37-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248426005",
"Comment": "libmysqlclient21-devel is earlier than 0:8.0.37-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink