SB2022021124 - openEuler update for mysql
Published: February 11, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 71 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2022-21245)
The vulnerability allows a remote authenticated user to manipulate data.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to manipulate data.
2) Improper input validation (CVE-ID: CVE-2022-21264)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
3) Improper input validation (CVE-ID: CVE-2022-21302)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
4) Improper input validation (CVE-ID: CVE-2022-21285)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
5) Improper input validation (CVE-ID: CVE-2022-21288)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
6) Improper input validation (CVE-ID: CVE-2022-21290)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
7) Improper input validation (CVE-ID: CVE-2022-21254)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
8) Improper input validation (CVE-ID: CVE-2022-21301)
The vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
9) Improper input validation (CVE-ID: CVE-2022-21287)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
10) Improper input validation (CVE-ID: CVE-2022-21270)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
11) Improper input validation (CVE-ID: CVE-2022-21286)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
12) Improper input validation (CVE-ID: CVE-2022-21284)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
13) Improper input validation (CVE-ID: CVE-2022-21265)
The vulnerability allows a remote privileged user to manipulate or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate or delete data.
14) Improper input validation (CVE-ID: CVE-2022-21289)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
15) Improper input validation (CVE-ID: CVE-2022-21304)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Parser component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
16) Improper input validation (CVE-ID: CVE-2022-21256)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
17) Improper input validation (CVE-ID: CVE-2022-21249)
The vulnerability allows a remote privileged user to perform service disruption.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.
18) Improper input validation (CVE-ID: CVE-2022-21253)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
19) Improper input validation (CVE-ID: CVE-2022-21303)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
20) Improper input validation (CVE-ID: CVE-2022-21315)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
21) Improper input validation (CVE-ID: CVE-2022-21316)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A local privileged user can exploit this vulnerability to execute arbitrary code.
22) Improper input validation (CVE-ID: CVE-2022-21314)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
23) Improper input validation (CVE-ID: CVE-2022-21312)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
24) Improper input validation (CVE-ID: CVE-2022-21311)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
25) Improper input validation (CVE-ID: CVE-2022-21313)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
26) Improper input validation (CVE-ID: CVE-2022-21317)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
27) Improper input validation (CVE-ID: CVE-2022-21320)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
28) Improper input validation (CVE-ID: CVE-2022-21318)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A local privileged user can exploit this vulnerability to execute arbitrary code.
29) Improper input validation (CVE-ID: CVE-2022-21325)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
30) Improper input validation (CVE-ID: CVE-2022-21319)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
31) Improper input validation (CVE-ID: CVE-2022-21308)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
32) Improper input validation (CVE-ID: CVE-2022-21326)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
33) Improper input validation (CVE-ID: CVE-2022-21324)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
34) Improper input validation (CVE-ID: CVE-2022-21355)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
35) Improper input validation (CVE-ID: CVE-2022-21344)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
36) Improper input validation (CVE-ID: CVE-2022-21342)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
37) Improper input validation (CVE-ID: CVE-2022-21368)
The vulnerability allows a remote privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to read and manipulate data.
38) Improper input validation (CVE-ID: CVE-2022-21335)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
39) Improper input validation (CVE-ID: CVE-2022-21328)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
40) Improper input validation (CVE-ID: CVE-2022-21374)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
41) Improper input validation (CVE-ID: CVE-2022-21333)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
42) Improper input validation (CVE-ID: CVE-2022-21339)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
43) Improper input validation (CVE-ID: CVE-2022-21378)
The vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
44) Improper input validation (CVE-ID: CVE-2022-21329)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
45) Improper input validation (CVE-ID: CVE-2022-21356)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
46) Improper input validation (CVE-ID: CVE-2022-21372)
The vulnerability allows a remote privileged user to perform service disruption.
The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.
47) Improper input validation (CVE-ID: CVE-2022-21332)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
48) Improper input validation (CVE-ID: CVE-2022-21330)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
49) Improper input validation (CVE-ID: CVE-2022-21336)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
50) Improper input validation (CVE-ID: CVE-2022-21367)
The vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Compiling component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
51) Improper input validation (CVE-ID: CVE-2022-21327)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
52) Improper input validation (CVE-ID: CVE-2022-21334)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
53) Improper input validation (CVE-ID: CVE-2022-21380)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
54) Improper input validation (CVE-ID: CVE-2022-21357)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
55) Improper input validation (CVE-ID: CVE-2022-21348)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
56) Improper input validation (CVE-ID: CVE-2022-21362)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
57) Improper input validation (CVE-ID: CVE-2022-21307)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
58) Improper input validation (CVE-ID: CVE-2022-21363)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Connector/J component in MySQL Connectors. A remote privileged user can exploit this vulnerability to execute arbitrary code.
59) Improper input validation (CVE-ID: CVE-2022-21280)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
60) Improper input validation (CVE-ID: CVE-2022-21309)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
61) Improper input validation (CVE-ID: CVE-2022-21351)
The vulnerability allows a remote authenticated user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to damange or delete data.
62) Improper input validation (CVE-ID: CVE-2022-21358)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
63) Improper input validation (CVE-ID: CVE-2022-21279)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
64) Improper input validation (CVE-ID: CVE-2022-21337)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
65) Improper input validation (CVE-ID: CVE-2022-21370)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
66) Improper input validation (CVE-ID: CVE-2022-21331)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
67) Improper input validation (CVE-ID: CVE-2022-21310)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
68) Improper input validation (CVE-ID: CVE-2022-21321)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
69) Improper input validation (CVE-ID: CVE-2022-21379)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
70) Improper input validation (CVE-ID: CVE-2022-21323)
The vulnerability allows a remote privileged user to read memory contents or crash the application.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to read memory contents or crash the application.
71) Improper input validation (CVE-ID: CVE-2022-21322)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote privileged user can exploit this vulnerability to execute arbitrary code.
Remediation
Install update from vendor's website.