{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Update to MySQL 8.0.40\n- CVEs fixed:\n CVE-2024-21201 CVE-2024-21236 CVE-2024-21230 CVE-2024-21160 CVE-2024-21196\n CVE-2024-21239 CVE-2024-21173 CVE-2024-21193 CVE-2024-21159 CVE-2024-21135\n CVE-2024-20996 CVE-2024-21166 CVE-2024-21157 CVE-2024-21231 CVE-2024-21199\n CVE-2024-21207 CVE-2024-21194 CVE-2024-21238 CVE-2024-21218 CVE-2024-21203\n CVE-2024-21162 CVE-2024-21213 CVE-2024-21219 CVE-2024-21163 CVE-2024-21241\n CVE-2024-21125 CVE-2024-21134 CVE-2024-21130 CVE-2024-21198 CVE-2024-21142\n CVE-2024-21127 CVE-2024-21237 CVE-2024-21197 CVE-2024-21212 CVE-2024-21247\n CVE-2024-21129 CVE-2024-21200 CVE-2024-21171 CVE-2024-21165 CVE-2024-21137\n CVE-2024-21061 CVE-2024-21057 CVE-2024-21056 CVE-2024-21055 CVE-2024-21053\n CVE-2024-21052 CVE-2024-21051 CVE-2024-21050 CVE-2024-21049 CVE-2024-20993\n CVE-2024-20984 CVE-2024-20982 CVE-2024-20970 CVE-2024-20968 CVE-2024-20966\n CVE-2024-20964 CVE-2024-20962 CVE-2024-20960 CVE-2024-21179 CVE-2024-21185\n CVE-2024-21177 CVE-2024-20972 CVE-2024-20976 CVE-2024-20974 CVE-2024-20978\n CVE-2024-20981 CVE-2024-20969 CVE-2024-20985 CVE-2024-20965 CVE-2024-20967\n CVE-2024-20977 CVE-2024-20961 CVE-2024-20983 CVE-2024-20963 CVE-2024-20971\n CVE-2024-20973 CVE-2023-22103 CVE-2023-22070 CVE-2023-22114 CVE-2023-22079\n CVE-2023-22066 CVE-2023-22104 CVE-2023-22084 CVE-2023-22078 CVE-2023-22111\n CVE-2023-22064 CVE-2023-22113 CVE-2023-22097 CVE-2023-22065 CVE-2023-22092\n CVE-2023-22110 CVE-2023-22059 CVE-2023-22068 CVE-2023-22115 CVE-2023-22032\n CVE-2023-22112 CVE-2023-22033 CVE-2023-22048 CVE-2023-21950 CVE-2023-22058\n CVE-2023-22008 CVE-2023-22007 CVE-2023-22046 CVE-2023-22054 CVE-2023-22005\n CVE-2023-22056 CVE-2023-22038 CVE-2023-22053 CVE-2023-22057 CVE-2023-21935\n CVE-2023-21972 CVE-2023-21953 CVE-2023-21977 CVE-2023-21962 CVE-2023-21955\n CVE-2023-21946 CVE-2023-21920 CVE-2023-21919 CVE-2023-21980 CVE-2023-21929\n CVE-2023-21982 CVE-2023-21966 CVE-2023-21945 CVE-2023-21911 CVE-2023-21933\n CVE-2023-21976 CVE-2023-21940 CVE-2023-21947 CVE-2022-4899", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2025/clsa-2025_1739820848.json" } ], "tracking": { "current_release_date": "2026-05-12T21:44:33Z", "generator": { "date": "2026-05-12T21:44:33Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1739820848", "initial_release_date": "2025-02-17T14:34:10Z", "revision_history": [ { "date": "2025-02-17T14:34:10Z", "number": "1", "summary": "Initial version" }, { "date": "2026-05-12T21:44:33Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "mysql: Fix of 129 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-test@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-common@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-server@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-libs@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-devel@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-errmsg@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-22079", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22079" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20976", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20976" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22070", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22070" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21241", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21241" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22113", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22113" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2024-21061", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21061" } ], "release_date": "2024-04-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21236", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21236" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21239", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21239" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20969", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20969" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22104", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22104" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21057", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21057" } ], "release_date": "2024-04-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21125", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21125" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21197", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21197" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21946", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21946" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21920", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21920" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21238", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21238" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21127", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21127" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujul2024.html", "url": "https://www.oracle.com/security-alerts/cpujul2024.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240801-0001/", "url": "https://security.netapp.com/advisory/ntap-20240801-0001/" } ], "release_date": "2024-07-16T23:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22054", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22054" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21162", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21162" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21165", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21165" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22112", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22112" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22097", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22097" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22005", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22005" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21201", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21201" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21207", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21207" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21237", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21237" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2024-21177", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21177" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20978", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20978" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22114", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22114" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22110", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22110" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22066", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22066" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22048", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22048" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2024-21051", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21051" } ], "release_date": "2024-04-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21179", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21179" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21130", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21130" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21950", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21950" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21159", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21159" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21213", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21213" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2022-4899", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-4899" }, { "category": "external", "summary": "https://github.com/facebook/zstd/issues/3200", "url": "https://github.com/facebook/zstd/issues/3200" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230725-0005/", "url": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ], "release_date": "2023-03-31T20:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-21196", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21196" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21940", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21940" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22068", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22068" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22033", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22033" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22056", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22056" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21972", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21972" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21911", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21911" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20964", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20964" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20983", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20983" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21163", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21163" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21157", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21157" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22046", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22046" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21198", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21198" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21935", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21935" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21049", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21049" } ], "release_date": "2024-04-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21218", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21218" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22008", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22008" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21199", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21199" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20981", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20981" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21173", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21173" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21933", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21933" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21980", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21980" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-21160", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21160" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21185", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38, 8.4.1 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21185" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20985", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20985" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21212", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor). Supported versions that are affected are 8.0.39 and prior and 8.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21212" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22064", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22064" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21200", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21200" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22115", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22115" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20965", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20965" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20973", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20973" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21231", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21231" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2023-21976", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21976" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21953", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21953" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21135", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21135" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20966", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20966" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21166", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21166" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21962", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21962" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20974", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20974" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20972", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20972" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20962", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20962" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21134", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21134" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21982", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21982" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22084", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22084" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22059", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22059" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20968", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20968" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21055", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21055" } ], "release_date": "2024-04-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21955", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21955" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22065", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22065" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22103", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22103" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21230", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21230" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21053", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21053" } ], "release_date": "2024-04-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21219", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21219" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuoct2024.html", "url": "https://www.oracle.com/security-alerts/cpuoct2024.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20241025-0006/", "url": "https://security.netapp.com/advisory/ntap-20241025-0006/" } ], "release_date": "2024-10-15T20:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20993", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20993" } ], "release_date": "2024-04-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21966", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21966" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20967", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20967" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20963", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20963" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21203", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21203" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuoct2024.html", "url": "https://www.oracle.com/security-alerts/cpuoct2024.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20241025-0006/", "url": "https://security.netapp.com/advisory/ntap-20241025-0006/" } ], "release_date": "2024-10-15T20:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21194", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21194" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21247", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21247" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2024-21193", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21193" } ], "release_date": "2024-10-15T19:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22053", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22053" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21056", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21056" } ], "release_date": "2024-04-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20970", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20970" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21052", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21052" } ], "release_date": "2024-04-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21129", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21129" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21947", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21947" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21945", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21945" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20961", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20961" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22007", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22007" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21929", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21929" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20982", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20982" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20960", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20960" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20971", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20971" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21137", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21137" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21142", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21142" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22058", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22058" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21050", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21050" } ], "release_date": "2024-04-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21977", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21977" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20977", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20977" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22032", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22032" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21171", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21171" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-20984", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20984" } ], "release_date": "2024-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-21919", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-21919" } ], "release_date": "2023-04-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22038", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22038" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2024-20996", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-20996" } ], "release_date": "2024-07-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22092", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22092" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22057", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22057" } ], "release_date": "2023-07-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22111", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22111" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-22078", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-22078" } ], "release_date": "2023-10-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T14:34:10Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1739820848" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }