Anolis OS update for mysql



Risk: Medium
Patch available: YES
Number of vulnerabilities: 25
CVE-ID: CVE-2024-20993
CVE-2024-20994
CVE-2024-20998
CVE-2024-21000
CVE-2024-21008
CVE-2024-21009
CVE-2024-21013
CVE-2024-21015
CVE-2024-21047
CVE-2024-21049
CVE-2024-21050
CVE-2024-21051
CVE-2024-21052
CVE-2024-21053
CVE-2024-21054
CVE-2024-21055
CVE-2024-21056
CVE-2024-21057
CVE-2024-21060
CVE-2024-21061
CVE-2024-21062
CVE-2024-21069
CVE-2024-21087
CVE-2024-21096
CVE-2024-21102
CWE-ID: CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Anolis OS
Operating systems & Components / Operating system

mysql-test
Operating systems & Components / Operating system package or component

mysql-server
Operating systems & Components / Operating system package or component

mysql-libs
Operating systems & Components / Operating system package or component

mysql-errmsg
Operating systems & Components / Operating system package or component

mysql-devel
Operating systems & Components / Operating system package or component

mysql-common
Operating systems & Components / Operating system package or component

mysql
Operating systems & Components / Operating system package or component

Vendor: OpenAnolis

Security Bulletin

This security bulletin contains information about 25 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU88689

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-20993

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU88676

Risk: Medium

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-20994

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU88690

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-20998

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU88699

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21000

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU88697

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21008

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU88691

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21009

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU88698

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21013

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU88675

Risk: Medium

CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damage or delete data.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU88678

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21047

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU88681

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21049

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU88682

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21050

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU88683

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21051

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU88684

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21052

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU88685

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21053

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU88692

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21054

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU88693

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21055

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU88686

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21056

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU88694

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21057

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU88687

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21060

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Data Dictionary component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU88679

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21061

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Audit Plug-in component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU88695

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21062

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU88680

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21069

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU88688

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21087

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU88696

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-21096

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Client: mysqldump component in MySQL Server. A local non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU88677

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-21102

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Thread Pooling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 23

mysql-test: before 8.0.37-1

mysql-server: before 8.0.37-1

mysql-libs: before 8.0.37-1

mysql-errmsg: before 8.0.37-1

mysql-devel: before 8.0.37-1

mysql-common: before 8.0.37-1

mysql: before 8.0.37-1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0583


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


