openEuler 22.03 LTS SP1 update for mysql
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 39 |
| CVE-ID | CVE-2023-6129 CVE-2024-20960 CVE-2024-20961 CVE-2024-20962 CVE-2024-20963 CVE-2024-20964 CVE-2024-20965 CVE-2024-20966 CVE-2024-20967 CVE-2024-20969 CVE-2024-20970 CVE-2024-20971 CVE-2024-20972 CVE-2024-20973 CVE-2024-20974 CVE-2024-20976 CVE-2024-20977 CVE-2024-20978 CVE-2024-20981 CVE-2024-20982 CVE-2024-20984 CVE-2024-20985 CVE-2024-20993 CVE-2024-20994 CVE-2024-20998 CVE-2024-21000 CVE-2024-21008 CVE-2024-21009 CVE-2024-21013 CVE-2024-21047 CVE-2024-21054 CVE-2024-21055 CVE-2024-21057 CVE-2024-21060 CVE-2024-21061 CVE-2024-21062 CVE-2024-21069 CVE-2024-21096 CVE-2024-21102 |
| CWE-ID | CWE-371 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openEuler Operating systems & Components / Operating system mysql-debugsource Operating systems & Components / Operating system package or component mysql-common Operating systems & Components / Operating system package or component mysql-help Operating systems & Components / Operating system package or component mysql-debuginfo Operating systems & Components / Operating system package or component mysql-test Operating systems & Components / Operating system package or component mysql-libs Operating systems & Components / Operating system package or component mysql-server Operating systems & Components / Operating system package or component mysql-config Operating systems & Components / Operating system package or component mysql-errmsg Operating systems & Components / Operating system package or component mysql-devel Operating systems & Components / Operating system package or component mysql Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 39 vulnerabilities.
1) State Issues
EUVDB-ID: #VU85170
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6129
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in POLY1305 MAC (message authentication code) implementation on PowerPC CPU based platforms if the CPU provides vector instructions. A remote attacker can perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU85483
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20960
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: RAPID component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU85478
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20961
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU85479
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20962
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU85484
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20963
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper input validation
EUVDB-ID: #VU85488
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20964
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper input validation
EUVDB-ID: #VU85489
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20965
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper input validation
EUVDB-ID: #VU85492
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20966
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper input validation
EUVDB-ID: #VU85487
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20967
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper input validation
EUVDB-ID: #VU85486
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20969
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to damange or delete data.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU85493
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20970
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper input validation
EUVDB-ID: #VU85494
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20971
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper input validation
EUVDB-ID: #VU85495
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20972
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper input validation
EUVDB-ID: #VU85480
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20973
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper input validation
EUVDB-ID: #VU85496
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper input validation
EUVDB-ID: #VU85497
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20976
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper input validation
EUVDB-ID: #VU85482
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20977
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper input validation
EUVDB-ID: #VU85498
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20978
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper input validation
EUVDB-ID: #VU85490
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20981
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper input validation
EUVDB-ID: #VU85499
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20982
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper input validation
EUVDB-ID: #VU85500
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20984
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server : Security : Firewall component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper input validation
EUVDB-ID: #VU85485
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20985
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: UDF component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper input validation
EUVDB-ID: #VU88689
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20993
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper input validation
EUVDB-ID: #VU88676
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20994
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper input validation
EUVDB-ID: #VU88690
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20998
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper input validation
EUVDB-ID: #VU88699
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21000
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper input validation
EUVDB-ID: #VU88697
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21008
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper input validation
EUVDB-ID: #VU88691
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21009
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper input validation
EUVDB-ID: #VU88698
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21013
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper input validation
EUVDB-ID: #VU88678
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21047
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper input validation
EUVDB-ID: #VU88692
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21054
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper input validation
EUVDB-ID: #VU88693
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21055
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper input validation
EUVDB-ID: #VU88694
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21057
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper input validation
EUVDB-ID: #VU88687
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21060
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Data Dictionary component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper input validation
EUVDB-ID: #VU88679
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21061
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Audit Plug-in component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper input validation
EUVDB-ID: #VU88695
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21062
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper input validation
EUVDB-ID: #VU88680
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21069
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper input validation
EUVDB-ID: #VU88696
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21096
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Client: mysqldump component in MySQL Server. A local non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper input validation
EUVDB-ID: #VU88677
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21102
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Thread Pooling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
mysql-debugsource: before 8.0.37-1
mysql-common: before 8.0.37-1
mysql-help: before 8.0.37-1
mysql-debuginfo: before 8.0.37-1
mysql-test: before 8.0.37-1
mysql-libs: before 8.0.37-1
mysql-server: before 8.0.37-1
mysql-config: before 8.0.37-1
mysql-errmsg: before 8.0.37-1
mysql-devel: before 8.0.37-1
mysql: before 8.0.37-1
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1561
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
