pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2020-1904/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

1089 lines
67 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20201904",
"Version": "oval:org.altlinux.errata:def:20201904",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-1904: package `MySQL` update to version 8.0.20-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-1904",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1904",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-02372",
"RefURL": "https://bdu.fstec.ru/vul/2020-02372",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02373",
"RefURL": "https://bdu.fstec.ru/vul/2020-02373",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02374",
"RefURL": "https://bdu.fstec.ru/vul/2020-02374",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02376",
"RefURL": "https://bdu.fstec.ru/vul/2020-02376",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02377",
"RefURL": "https://bdu.fstec.ru/vul/2020-02377",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02378",
"RefURL": "https://bdu.fstec.ru/vul/2020-02378",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02381",
"RefURL": "https://bdu.fstec.ru/vul/2020-02381",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02575",
"RefURL": "https://bdu.fstec.ru/vul/2020-02575",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02576",
"RefURL": "https://bdu.fstec.ru/vul/2020-02576",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02577",
"RefURL": "https://bdu.fstec.ru/vul/2020-02577",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02578",
"RefURL": "https://bdu.fstec.ru/vul/2020-02578",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02579",
"RefURL": "https://bdu.fstec.ru/vul/2020-02579",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02581",
"RefURL": "https://bdu.fstec.ru/vul/2020-02581",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02582",
"RefURL": "https://bdu.fstec.ru/vul/2020-02582",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02583",
"RefURL": "https://bdu.fstec.ru/vul/2020-02583",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02604",
"RefURL": "https://bdu.fstec.ru/vul/2020-02604",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02645",
"RefURL": "https://bdu.fstec.ru/vul/2020-02645",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02646",
"RefURL": "https://bdu.fstec.ru/vul/2020-02646",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02647",
"RefURL": "https://bdu.fstec.ru/vul/2020-02647",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02648",
"RefURL": "https://bdu.fstec.ru/vul/2020-02648",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02652",
"RefURL": "https://bdu.fstec.ru/vul/2020-02652",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02653",
"RefURL": "https://bdu.fstec.ru/vul/2020-02653",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02654",
"RefURL": "https://bdu.fstec.ru/vul/2020-02654",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02655",
"RefURL": "https://bdu.fstec.ru/vul/2020-02655",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02656",
"RefURL": "https://bdu.fstec.ru/vul/2020-02656",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02657",
"RefURL": "https://bdu.fstec.ru/vul/2020-02657",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02658",
"RefURL": "https://bdu.fstec.ru/vul/2020-02658",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03921",
"RefURL": "https://bdu.fstec.ru/vul/2020-03921",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00422",
"RefURL": "https://bdu.fstec.ru/vul/2021-00422",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00423",
"RefURL": "https://bdu.fstec.ru/vul/2021-00423",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00424",
"RefURL": "https://bdu.fstec.ru/vul/2021-00424",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00425",
"RefURL": "https://bdu.fstec.ru/vul/2021-00425",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00649",
"RefURL": "https://bdu.fstec.ru/vul/2021-00649",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02455",
"RefURL": "https://bdu.fstec.ru/vul/2021-02455",
"Source": "BDU"
},
{
"RefID": "CVE-2013-1548",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1548",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15601",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15601",
"Source": "CVE"
},
{
"RefID": "CVE-2020-14567",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-14567",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2759",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2759",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2760",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2760",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2762",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2763",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2765",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2765",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2768",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2768",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2770",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2770",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2774",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2774",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2780",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2780",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2804",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2804",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2812",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2812",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2892",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2892",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2893",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2893",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2895",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2895",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2896",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2896",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2897",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2897",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2898",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2898",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2901",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2901",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2903",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2903",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2904",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2904",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2921",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2921",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2923",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2923",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2924",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2924",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2925",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2925",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2926",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2926",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2928",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2928",
"Source": "CVE"
},
{
"RefID": "CVE-2020-2930",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2930",
"Source": "CVE"
},
{
"RefID": "CVE-2021-2006",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-2006",
"Source": "CVE"
},
{
"RefID": "CVE-2021-2007",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-2007",
"Source": "CVE"
},
{
"RefID": "CVE-2021-2009",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-2009",
"Source": "CVE"
},
{
"RefID": "CVE-2021-2016",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-2016",
"Source": "CVE"
},
{
"RefID": "CVE-2021-2019",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-2019",
"Source": "CVE"
},
{
"RefID": "CVE-2021-2144",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-2144",
"Source": "CVE"
}
],
"Description": "This update upgrades MySQL to version 8.0.20-alt1. \nSecurity Fix(es):\n\n * BDU:2020-02372: Уязвимость компонента Server: Replication системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02373: Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02374: Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02376: Уязвимость компонента Cluster: General системы управления базами данных Oracle MySQL Cluster, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02377: Уязвимость компонента Server:Logging системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02378: Уязвимость компонента Server:Security:Privileges системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02381: Уязвимость компонента Server:Memcached системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02575: Уязвимость компонента Server: Connection Handling системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02576: Уязвимость компонента Server:Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02577: Уязвимость компонента Server:Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02578: Уязвимость компонента Server:Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02579: Уязвимость компонента Server:Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02581: Уязвимость компонента Server:Group Replication Plugin системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02582: Уязвимость компонента Server:PS системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02583: Уязвимость компонента Server:Group Replication GCS системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02604: Уязвимость компонента Server:Parser системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02645: Уязвимость компонента Server: Replication системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02646: Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Client, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02647: Уязвимость компонента Server: DML системы управления базами данных MySQL Client, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02648: Уязвимость компонента Server: Stored Procedure системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02652: Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02653: Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02654: Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02655: Уязвимость компонента Server: Information Schema системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02656: Уязвимость компонента Server:Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02657: Уязвимость компонента Server:Charsets системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02658: Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-03921: Уязвимость компонента Server:Replication системы управления базами данных Oracle MySQL, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать зависание или отказ в обслуживании\n\n * BDU:2021-00422: Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2021-00423: Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-00424: Уязвимость компонента Server: Security: Roles системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-00425: Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-00649: Уязвимость компонента Server: Security: Privileges системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на чтение данных или получить привилегированный доступ\n\n * BDU:2021-02455: Уязвимость компонента Server: Parser системы управления базами данных Oracle MySQL Server, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2013-1548: Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.\n\n * CVE-2019-15601: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none\n\n * CVE-2020-14567: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2759: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2760: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * CVE-2020-2762: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2763: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2765: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2768: Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.3.28 and prior, 7.4.27 and prior, 7.5.17 and prior, 7.6.13 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster as well as unauthorized update, insert or delete access to some of MySQL Cluster accessible data. CVSS 3.0 Base Score 6.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H).\n\n * CVE-2020-2770: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2774: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2780: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2804: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2812: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2892: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2893: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2895: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2896: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2897: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2898: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2901: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2903: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2904: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2921: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2923: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2924: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2925: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2926: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2928: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-2930: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-2006: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-2007: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).\n\n * CVE-2021-2009: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-2016: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2021-2019: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).\n\n * CVE-2021-2144: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-05-01"
},
"Updated": {
"Date": "2020-05-01"
},
"BDUs": [
{
"ID": "BDU:2020-02372",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02372",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02373",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:P/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02373",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02374",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02374",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02376",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02376",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02377",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02377",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02378",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02378",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02381",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02381",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02575",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02575",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02576",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02576",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02577",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02577",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02578",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02578",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02579",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02579",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02581",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02581",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02582",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02582",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02583",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02583",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02604",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02604",
"Impact": "Low",
"Public": "20200414"
},
{
"ID": "BDU:2020-02645",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02645",
"Impact": "Low",
"Public": "20200412"
},
{
"ID": "BDU:2020-02646",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02646",
"Impact": "Low",
"Public": "20200412"
},
{
"ID": "BDU:2020-02647",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02647",
"Impact": "Low",
"Public": "20200412"
},
{
"ID": "BDU:2020-02648",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02648",
"Impact": "Low",
"Public": "20200412"
},
{
"ID": "BDU:2020-02652",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02652",
"Impact": "Low",
"Public": "20200412"
},
{
"ID": "BDU:2020-02653",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02653",
"Impact": "Low",
"Public": "20200412"
},
{
"ID": "BDU:2020-02654",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02654",
"Impact": "Low",
"Public": "20200412"
},
{
"ID": "BDU:2020-02655",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02655",
"Impact": "Low",
"Public": "20200412"
},
{
"ID": "BDU:2020-02656",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02656",
"Impact": "Low",
"Public": "20200412"
},
{
"ID": "BDU:2020-02657",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02657",
"Impact": "Low",
"Public": "20200412"
},
{
"ID": "BDU:2020-02658",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02658",
"Impact": "Low",
"Public": "20200412"
},
{
"ID": "BDU:2020-03921",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2020-03921",
"Impact": "Low",
"Public": "20200715"
},
{
"ID": "BDU:2021-00422",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2021-00422",
"Impact": "Low",
"Public": "20210119"
},
{
"ID": "BDU:2021-00423",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2021-00423",
"Impact": "Low",
"Public": "20210119"
},
{
"ID": "BDU:2021-00424",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2021-00424",
"Impact": "Low",
"Public": "20210119"
},
{
"ID": "BDU:2021-00425",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2021-00425",
"Impact": "Low",
"Public": "20210119"
},
{
"ID": "BDU:2021-00649",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2021-00649",
"Impact": "Low",
"Public": "20210120"
},
{
"ID": "BDU:2021-02455",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2021-02455",
"Impact": "High",
"Public": "20210420"
}
],
"CVEs": [
{
"ID": "CVE-2013-1548",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1548",
"Impact": "Low",
"Public": "20130417"
},
{
"ID": "CVE-2019-15601",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15601",
"Impact": "None",
"Public": "20200106"
},
{
"ID": "CVE-2020-14567",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-14567",
"Impact": "Low",
"Public": "20200715"
},
{
"ID": "CVE-2020-2759",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2759",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2760",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2760",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2762",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2762",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2763",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2763",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2765",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2765",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2768",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2768",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2770",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2770",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2774",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2774",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2780",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2780",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2804",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2804",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2812",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2812",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2892",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2892",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2893",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2893",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2895",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2895",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2896",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2896",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2897",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2897",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2898",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2898",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2901",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2901",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2903",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2903",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2904",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2904",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2921",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2921",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2923",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2923",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2924",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2924",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2925",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2925",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2926",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2926",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2928",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2928",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2020-2930",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2930",
"Impact": "Low",
"Public": "20200415"
},
{
"ID": "CVE-2021-2006",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-2006",
"Impact": "Low",
"Public": "20210120"
},
{
"ID": "CVE-2021-2007",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-2007",
"Impact": "Low",
"Public": "20210120"
},
{
"ID": "CVE-2021-2009",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-2009",
"Impact": "Low",
"Public": "20210120"
},
{
"ID": "CVE-2021-2016",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-2016",
"Impact": "Low",
"Public": "20210120"
},
{
"ID": "CVE-2021-2019",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-2019",
"Impact": "Low",
"Public": "20210120"
},
{
"ID": "CVE-2021-2144",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-2144",
"Impact": "High",
"Public": "20210422"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20201904001",
"Comment": "MySQL-client is earlier than 0:8.0.20-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201904002",
"Comment": "MySQL-server is earlier than 0:8.0.20-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201904003",
"Comment": "MySQL-server-perl is earlier than 0:8.0.20-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201904004",
"Comment": "libmysqlclient21 is earlier than 0:8.0.20-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201904005",
"Comment": "libmysqlclient21-devel is earlier than 0:8.0.20-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink