An update for mysql is now available for openEuler-20.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1088
Final
1.0
1.0
2021-03-05
Initial
2021-03-05
2021-03-05
openEuler SA Tool V1.0
2021-03-05
mysql security update
An update for mysql is now available for openEuler-20.03-LTS.
The MySQL(TM) software delivers a very fast, multi-threaded, multi-user, and robust SQL (Structured Query Language) database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or its affiliates. The MySQL software has Dual Licensing, which means you can use the MySQL software free of charge under the GNU General Public License (http://www.gnu.org/licenses/). You can also purchase commercial MySQL licenses from Oracle and/or its affiliates if you do not wish to be bound by the terms of the GPL.
Security Fix(es):
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2752)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.(CVE-2019-2991)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-2966)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-2963)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-2998)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-3004)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-2957)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-2968)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-3018)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-3009)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.(CVE-2021-2019)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2019-3011)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2021-2009)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2021-2030)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2021-2055)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2021-2028)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2021-2016)
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client.(CVE-2021-2006)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2021-2001)
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data.(CVE-2021-2007)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.(CVE-2021-1998)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2021-2012)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.(CVE-2021-2042)
openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Medium
mysql
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-2752
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-2991
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-2966
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-2963
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-2998
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-3004
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-2957
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-2968
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-3018
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-3009
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2019
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-3011
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2009
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2030
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2055
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2028
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2016
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2006
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2001
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2007
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-1998
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2012
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-2042
https://nvd.nist.gov/vuln/detail/CVE-2020-2752
https://nvd.nist.gov/vuln/detail/CVE-2019-2991
https://nvd.nist.gov/vuln/detail/CVE-2019-2966
https://nvd.nist.gov/vuln/detail/CVE-2019-2963
https://nvd.nist.gov/vuln/detail/CVE-2019-2998
https://nvd.nist.gov/vuln/detail/CVE-2019-3004
https://nvd.nist.gov/vuln/detail/CVE-2019-2957
https://nvd.nist.gov/vuln/detail/CVE-2019-2968
https://nvd.nist.gov/vuln/detail/CVE-2019-3018
https://nvd.nist.gov/vuln/detail/CVE-2019-3009
https://nvd.nist.gov/vuln/detail/CVE-2021-2030
https://nvd.nist.gov/vuln/detail/CVE-2021-2019
https://nvd.nist.gov/vuln/detail/CVE-2021-2055
https://nvd.nist.gov/vuln/detail/CVE-2019-3011
https://nvd.nist.gov/vuln/detail/CVE-2021-2009
https://nvd.nist.gov/vuln/detail/CVE-2021-2028
https://nvd.nist.gov/vuln/detail/CVE-2021-2016
https://nvd.nist.gov/vuln/detail/CVE-2021-2006
https://nvd.nist.gov/vuln/detail/CVE-2021-2001
https://nvd.nist.gov/vuln/detail/CVE-2021-2007
https://nvd.nist.gov/vuln/detail/CVE-2021-1998
https://nvd.nist.gov/vuln/detail/CVE-2021-2012
https://nvd.nist.gov/vuln/detail/CVE-2021-2042
openEuler-20.03-LTS
mysql-8.0.22-3.oe1.aarch64.rpm
mysql-8.0.22-3.oe1.src.rpm
mysql-8.0.22-3.oe1.x86_64.rpm
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client.
2021-03-05
CVE-2020-2752
openEuler-20.03-LTS
Medium
5.3
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
2021-03-05
CVE-2019-2991
openEuler-20.03-LTS
Medium
5.5
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2019-2966
openEuler-20.03-LTS
Medium
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2019-2963
openEuler-20.03-LTS
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2019-2998
openEuler-20.03-LTS
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2019-3004
openEuler-20.03-LTS
Medium
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2019-2957
openEuler-20.03-LTS
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2019-2968
openEuler-20.03-LTS
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2019-3018
openEuler-20.03-LTS
Medium
4.4
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2019-3009
openEuler-20.03-LTS
Medium
4.4
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
2021-03-05
CVE-2021-2019
openEuler-20.03-LTS
Low
2.7
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2019-3011
openEuler-20.03-LTS
Medium
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2021-2009
openEuler-20.03-LTS
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2021-2030
openEuler-20.03-LTS
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2021-2055
openEuler-20.03-LTS
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2021-2028
openEuler-20.03-LTS
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2021-2016
openEuler-20.03-LTS
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client.
2021-03-05
CVE-2021-2006
openEuler-20.03-LTS
Medium
5.3
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2021-2001
openEuler-20.03-LTS
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data.
2021-03-05
CVE-2021-2007
openEuler-20.03-LTS
Low
3.7
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.
2021-03-05
CVE-2021-1998
openEuler-20.03-LTS
Low
3.8
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
2021-03-05
CVE-2021-2012
openEuler-20.03-LTS
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
2021-03-05
CVE-2021-2042
openEuler-20.03-LTS
Low
2.3
AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
mysql security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1088