An update for mysql5 is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1682
Final
1.0
1.0
2022-05-28
Initial
2022-05-28
2022-05-28
openEuler SA Tool V1.0
2022-05-28
mysql5 security update
An update for mysql5 is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.
Security Fix(es):
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21451)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21417)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2021-2226)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21444)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21460)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21427)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21454)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2022-21245)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2202)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2171)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2022)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2179)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2174)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2194)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2021-2032)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2021-2160)
An update for mysql5 is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Medium
mysql5
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1682
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-21460
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-21451
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-21417
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-21444
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2226
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-21427
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-21454
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-21245
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2202
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2171
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2022
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2179
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2174
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2194
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2032
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-2160
https://nvd.nist.gov/vuln/detail/CVE-2022-21460
https://nvd.nist.gov/vuln/detail/CVE-2022-21451
https://nvd.nist.gov/vuln/detail/CVE-2022-21417
https://nvd.nist.gov/vuln/detail/CVE-2022-21444
https://nvd.nist.gov/vuln/detail/CVE-2021-2226
https://nvd.nist.gov/vuln/detail/CVE-2022-21427
https://nvd.nist.gov/vuln/detail/CVE-2022-21454
https://nvd.nist.gov/vuln/detail/CVE-2022-21245
https://nvd.nist.gov/vuln/detail/CVE-2021-2202
https://nvd.nist.gov/vuln/detail/CVE-2021-2171
https://nvd.nist.gov/vuln/detail/CVE-2021-2022
https://nvd.nist.gov/vuln/detail/CVE-2021-2179
https://nvd.nist.gov/vuln/detail/CVE-2021-2174
https://nvd.nist.gov/vuln/detail/CVE-2021-2194
https://nvd.nist.gov/vuln/detail/CVE-2021-2032
https://nvd.nist.gov/vuln/detail/CVE-2021-2160
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
mysql5-5.7.38-1.oe1.aarch64.rpm
mysql5-common-5.7.38-1.oe1.aarch64.rpm
mysql5-debuginfo-5.7.38-1.oe1.aarch64.rpm
mysql5-debugsource-5.7.38-1.oe1.aarch64.rpm
mysql5-devel-5.7.38-1.oe1.aarch64.rpm
mysql5-embedded-5.7.38-1.oe1.aarch64.rpm
mysql5-embedded-devel-5.7.38-1.oe1.aarch64.rpm
mysql5-errmsg-5.7.38-1.oe1.aarch64.rpm
mysql5-libs-5.7.38-1.oe1.aarch64.rpm
mysql5-server-5.7.38-1.oe1.aarch64.rpm
mysql5-test-5.7.38-1.oe1.aarch64.rpm
mysql5-5.7.38-1.oe1.aarch64.rpm
mysql5-common-5.7.38-1.oe1.aarch64.rpm
mysql5-debuginfo-5.7.38-1.oe1.aarch64.rpm
mysql5-debugsource-5.7.38-1.oe1.aarch64.rpm
mysql5-devel-5.7.38-1.oe1.aarch64.rpm
mysql5-embedded-5.7.38-1.oe1.aarch64.rpm
mysql5-embedded-devel-5.7.38-1.oe1.aarch64.rpm
mysql5-errmsg-5.7.38-1.oe1.aarch64.rpm
mysql5-libs-5.7.38-1.oe1.aarch64.rpm
mysql5-server-5.7.38-1.oe1.aarch64.rpm
mysql5-test-5.7.38-1.oe1.aarch64.rpm
mysql5-5.7.38-1.oe2203.aarch64.rpm
mysql5-common-5.7.38-1.oe2203.aarch64.rpm
mysql5-debuginfo-5.7.38-1.oe2203.aarch64.rpm
mysql5-debugsource-5.7.38-1.oe2203.aarch64.rpm
mysql5-devel-5.7.38-1.oe2203.aarch64.rpm
mysql5-embedded-5.7.38-1.oe2203.aarch64.rpm
mysql5-embedded-devel-5.7.38-1.oe2203.aarch64.rpm
mysql5-errmsg-5.7.38-1.oe2203.aarch64.rpm
mysql5-libs-5.7.38-1.oe2203.aarch64.rpm
mysql5-server-5.7.38-1.oe2203.aarch64.rpm
mysql5-test-5.7.38-1.oe2203.aarch64.rpm
mysql5-5.7.38-1.oe1.src.rpm
mysql5-5.7.38-1.oe1.src.rpm
mysql5-5.7.38-1.oe2203.src.rpm
mysql5-5.7.38-1.oe1.x86_64.rpm
mysql5-common-5.7.38-1.oe1.x86_64.rpm
mysql5-debuginfo-5.7.38-1.oe1.x86_64.rpm
mysql5-debugsource-5.7.38-1.oe1.x86_64.rpm
mysql5-devel-5.7.38-1.oe1.x86_64.rpm
mysql5-embedded-5.7.38-1.oe1.x86_64.rpm
mysql5-embedded-devel-5.7.38-1.oe1.x86_64.rpm
mysql5-errmsg-5.7.38-1.oe1.x86_64.rpm
mysql5-libs-5.7.38-1.oe1.x86_64.rpm
mysql5-server-5.7.38-1.oe1.x86_64.rpm
mysql5-test-5.7.38-1.oe1.x86_64.rpm
mysql5-5.7.38-1.oe1.x86_64.rpm
mysql5-common-5.7.38-1.oe1.x86_64.rpm
mysql5-debuginfo-5.7.38-1.oe1.x86_64.rpm
mysql5-debugsource-5.7.38-1.oe1.x86_64.rpm
mysql5-devel-5.7.38-1.oe1.x86_64.rpm
mysql5-embedded-5.7.38-1.oe1.x86_64.rpm
mysql5-embedded-devel-5.7.38-1.oe1.x86_64.rpm
mysql5-errmsg-5.7.38-1.oe1.x86_64.rpm
mysql5-libs-5.7.38-1.oe1.x86_64.rpm
mysql5-server-5.7.38-1.oe1.x86_64.rpm
mysql5-test-5.7.38-1.oe1.x86_64.rpm
mysql5-5.7.38-1.oe2203.x86_64.rpm
mysql5-common-5.7.38-1.oe2203.x86_64.rpm
mysql5-debuginfo-5.7.38-1.oe2203.x86_64.rpm
mysql5-debugsource-5.7.38-1.oe2203.x86_64.rpm
mysql5-devel-5.7.38-1.oe2203.x86_64.rpm
mysql5-embedded-5.7.38-1.oe2203.x86_64.rpm
mysql5-embedded-devel-5.7.38-1.oe2203.x86_64.rpm
mysql5-errmsg-5.7.38-1.oe2203.x86_64.rpm
mysql5-libs-5.7.38-1.oe2203.x86_64.rpm
mysql5-server-5.7.38-1.oe2203.x86_64.rpm
mysql5-test-5.7.38-1.oe2203.x86_64.rpm
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts).
2022-05-28
CVE-2022-21451
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
4.4
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1682
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2022-05-28
CVE-2022-21417
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
4.9
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1682
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
2022-05-28
CVE-2021-2226
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
Medium
4.9
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1682
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
2022-05-28
CVE-2022-21444
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
4.4
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1682
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
2022-05-28
CVE-2022-21460
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
4.4
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1682
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2022-05-28
CVE-2022-21427
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1678
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
2022-05-28
CVE-2022-21454
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1678
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
2022-05-28
CVE-2022-21245
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1678
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
2022-05-28
CVE-2021-2202
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
Medium
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1678
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
2022-05-28
CVE-2021-2171
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
Medium
4.4
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1678
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
2022-05-28
CVE-2021-2022
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
Medium
4.4
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1678
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2022-05-28
CVE-2021-2179
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1678
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
2022-05-28
CVE-2021-2174
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
Medium
4.4
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1678
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2022-05-28
CVE-2021-2194
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1678
Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
2022-05-28
CVE-2021-2032
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
Medium
4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1678
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
2022-05-28
CVE-2021-2160
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
Medium
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
mysql5 security update
2022-05-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1678