An update for mysql is now available for openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1560 Final 1.0 1.0 2024-05-10 Initial 2024-05-10 2024-05-10 openEuler SA Tool V1.0 2024-05-10 mysql security update An update for mysql is now available for openEuler-22.03-LTS. The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates Security Fix(es): Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.(CVE-2023-6129) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20960) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20961) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20962) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20963) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20964) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20965) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20966) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-20967) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2024-20969) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20970) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20971) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20972) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20973) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20974) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20976) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20977) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20978) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20981) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20982) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20984) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20985) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20993) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20994) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-20998) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).(CVE-2024-21000) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21008) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21009) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21013) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21047) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21054) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21055) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21057) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21060) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21061) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21062) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21069) Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).(CVE-2024-21096) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2024-21102) An update for mysql is now available for openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium mysql https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-6129 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20960 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20961 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20962 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20963 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20964 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20965 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20966 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20967 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20969 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20970 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20971 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20972 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20973 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20974 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20976 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20977 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20978 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20981 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20982 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20984 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20985 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20993 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20994 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-20998 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21000 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21008 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21009 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21013 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21047 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21054 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21055 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21057 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21060 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21061 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21062 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21069 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21096 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-21102 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2024-20960 https://nvd.nist.gov/vuln/detail/CVE-2024-20961 https://nvd.nist.gov/vuln/detail/CVE-2024-20962 https://nvd.nist.gov/vuln/detail/CVE-2024-20963 https://nvd.nist.gov/vuln/detail/CVE-2024-20964 https://nvd.nist.gov/vuln/detail/CVE-2024-20965 https://nvd.nist.gov/vuln/detail/CVE-2024-20966 https://nvd.nist.gov/vuln/detail/CVE-2024-20967 https://nvd.nist.gov/vuln/detail/CVE-2024-20969 https://nvd.nist.gov/vuln/detail/CVE-2024-20970 https://nvd.nist.gov/vuln/detail/CVE-2024-20971 https://nvd.nist.gov/vuln/detail/CVE-2024-20972 https://nvd.nist.gov/vuln/detail/CVE-2024-20973 https://nvd.nist.gov/vuln/detail/CVE-2024-20974 https://nvd.nist.gov/vuln/detail/CVE-2024-20976 https://nvd.nist.gov/vuln/detail/CVE-2024-20977 https://nvd.nist.gov/vuln/detail/CVE-2024-20978 https://nvd.nist.gov/vuln/detail/CVE-2024-20981 https://nvd.nist.gov/vuln/detail/CVE-2024-20982 https://nvd.nist.gov/vuln/detail/CVE-2024-20984 https://nvd.nist.gov/vuln/detail/CVE-2024-20985 https://nvd.nist.gov/vuln/detail/CVE-2024-20993 https://nvd.nist.gov/vuln/detail/CVE-2024-20994 https://nvd.nist.gov/vuln/detail/CVE-2024-20998 https://nvd.nist.gov/vuln/detail/CVE-2024-21000 https://nvd.nist.gov/vuln/detail/CVE-2024-21008 https://nvd.nist.gov/vuln/detail/CVE-2024-21009 https://nvd.nist.gov/vuln/detail/CVE-2024-21013 https://nvd.nist.gov/vuln/detail/CVE-2024-21047 https://nvd.nist.gov/vuln/detail/CVE-2024-21054 https://nvd.nist.gov/vuln/detail/CVE-2024-21055 https://nvd.nist.gov/vuln/detail/CVE-2024-21057 https://nvd.nist.gov/vuln/detail/CVE-2024-21060 https://nvd.nist.gov/vuln/detail/CVE-2024-21061 https://nvd.nist.gov/vuln/detail/CVE-2024-21062 https://nvd.nist.gov/vuln/detail/CVE-2024-21069 https://nvd.nist.gov/vuln/detail/CVE-2024-21096 https://nvd.nist.gov/vuln/detail/CVE-2024-21102 openEuler-22.03-LTS mysql-debuginfo-8.0.37-1.oe2203.aarch64.rpm mysql-libs-8.0.37-1.oe2203.aarch64.rpm mysql-debugsource-8.0.37-1.oe2203.aarch64.rpm mysql-devel-8.0.37-1.oe2203.aarch64.rpm mysql-config-8.0.37-1.oe2203.aarch64.rpm mysql-server-8.0.37-1.oe2203.aarch64.rpm mysql-common-8.0.37-1.oe2203.aarch64.rpm mysql-test-8.0.37-1.oe2203.aarch64.rpm mysql-help-8.0.37-1.oe2203.aarch64.rpm mysql-errmsg-8.0.37-1.oe2203.aarch64.rpm mysql-8.0.37-1.oe2203.aarch64.rpm mysql-8.0.37-1.oe2203.src.rpm mysql-devel-8.0.37-1.oe2203.x86_64.rpm mysql-errmsg-8.0.37-1.oe2203.x86_64.rpm mysql-test-8.0.37-1.oe2203.x86_64.rpm mysql-debugsource-8.0.37-1.oe2203.x86_64.rpm mysql-server-8.0.37-1.oe2203.x86_64.rpm mysql-help-8.0.37-1.oe2203.x86_64.rpm mysql-8.0.37-1.oe2203.x86_64.rpm mysql-libs-8.0.37-1.oe2203.x86_64.rpm mysql-common-8.0.37-1.oe2203.x86_64.rpm mysql-config-8.0.37-1.oe2203.x86_64.rpm mysql-debuginfo-8.0.37-1.oe2203.x86_64.rpm Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. 2024-05-10 CVE-2023-6129 openEuler-22.03-LTS Medium 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20960 openEuler-22.03-LTS Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20961 openEuler-22.03-LTS Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20962 openEuler-22.03-LTS Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20963 openEuler-22.03-LTS Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20964 openEuler-22.03-LTS Medium 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20965 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20966 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). 2024-05-10 CVE-2024-20967 openEuler-22.03-LTS Medium 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). 2024-05-10 CVE-2024-20969 openEuler-22.03-LTS Medium 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20970 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20971 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20972 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20973 openEuler-22.03-LTS Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20974 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20976 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20977 openEuler-22.03-LTS Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20978 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20981 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20982 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20984 openEuler-22.03-LTS Medium 4.4 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20985 openEuler-22.03-LTS Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20993 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20994 openEuler-22.03-LTS Medium 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-20998 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). 2024-05-10 CVE-2024-21000 openEuler-22.03-LTS Low 3.8 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-21008 openEuler-22.03-LTS Medium 4.4 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-21009 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-21013 openEuler-22.03-LTS Medium 4.4 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-21047 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-21054 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-21055 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-21057 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-21060 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-21061 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-21062 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-21069 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). 2024-05-10 CVE-2024-21096 openEuler-22.03-LTS Medium 4.9 AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-05-10 CVE-2024-21102 openEuler-22.03-LTS Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1560