SB20240611223 - Ubuntu update for mysql-8.0

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20240611223

SB20240611223 - Ubuntu update for mysql-8.0

Published: June 11, 2024

Security Bulletin ID SB20240611223
Severity
Medium
Patch available
YES
Number of vulnerabilities 14
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 71% Low 29%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 14 secuirty vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2024-21013)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


2) Improper input validation (CVE-ID: CVE-2024-20998)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


3) Improper input validation (CVE-ID: CVE-2024-21047)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


4) Improper input validation (CVE-ID: CVE-2024-21060)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Data Dictionary component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


5) Improper input validation (CVE-ID: CVE-2024-21087)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


6) Improper input validation (CVE-ID: CVE-2024-21000)

The vulnerability allows a remote privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to read and manipulate data.


7) Improper input validation (CVE-ID: CVE-2024-21009)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


8) Improper input validation (CVE-ID: CVE-2024-21069)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


9) Improper input validation (CVE-ID: CVE-2024-21102)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Thread Pooling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


10) Improper input validation (CVE-ID: CVE-2024-21054)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


11) Improper input validation (CVE-ID: CVE-2024-21062)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


12) Improper input validation (CVE-ID: CVE-2024-21008)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


13) Improper input validation (CVE-ID: CVE-2024-20994)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.


14) Improper input validation (CVE-ID: CVE-2024-21096)

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Client: mysqldump component in MySQL Server. A local non-authenticated attacker can exploit this vulnerability to read and manipulate data.


Remediation

Install update from vendor's website.

References