diff --git a/USAGE.md b/USAGE.md index d344d611a..c63d361b3 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,6 +1,6 @@ # NAME - MySQLTuner 2.5.1 - MySQL High Performance Tuning Script + MySQLTuner 2.5.2 - MySQL High Performance Tuning Script # IMPORTANT USAGE GUIDELINES diff --git a/mysqltuner.pl b/mysqltuner.pl index f9c4dae9f..3a755318e 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,4 @@ -#!/usr/bin/env perl -# mysqltuner.pl - Version 2.5.1 +# mysqltuner.pl - Version 2.5.2 # High Performance MySQL Tuning Script # Copyright (C) 2015-2023 Jean-Marie Renouard - jmrenouard@gmail.com # Copyright (C) 2006-2023 Major Hayden - major@mhtx.net @@ -57,7 +56,7 @@ package main; #use Env; # Set up a few variables for use in the script -my $tunerversion = "2.5.1"; +my $tunerversion = "2.5.2"; my ( @adjvars, @generalrec ); # Set defaults @@ -238,8 +237,9 @@ package main; if ( not defined( $opt{structstat} ) or $opt{nostructstat} == 1 ) ; # Don't print table struct information $opt{myisamstat} = 1 - if ( not defined( $opt{myisamstat} )); -$opt{myisamstat} = 0 if ($opt{nomyisamstat} == 1 ); # Don't print MyISAM table information + if ( not defined( $opt{myisamstat} ) ); +$opt{myisamstat} = 0 + if ( $opt{nomyisamstat} == 1 ); # Don't print MyISAM table information # for RPM distributions $opt{cvefile} = "/usr/share/mysqltuner/vulnerabilities.csv" @@ -815,7 +815,8 @@ sub mysql_setup { if ( $opt{socket} ne 0 ) { if ( $opt{port} ne 0 ) { $remotestring = " -S $opt{socket} -P $opt{port}"; - } else { + } + else { $remotestring = " -S $opt{socket}"; } } @@ -1580,7 +1581,9 @@ sub log_file_recommendations { $numLi++; debugprint "$numLi: $logLi" if $logLi =~ /warning|error/i and $logLi !~ /Logging to/; - $nbErrLog++ if $logLi =~ /error/i and $logLi !~ /(Logging to|\[Warning\].*ERROR_FOR_DIVISION_BY_ZERO)/; + $nbErrLog++ + if $logLi =~ /error/i + and $logLi !~ /(Logging to|\[Warning\].*ERROR_FOR_DIVISION_BY_ZERO)/; $nbWarnLog++ if $logLi =~ /warning/i; push @lastShutdowns, $logLi if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i; @@ -2526,7 +2529,7 @@ sub check_architecture { } elsif ( `uname` =~ /Darwin/ && `uname -m` =~ /x86_64/ ) { -# Darwin gibas.local 12.5.1 Darwin Kernel Version 12.3.0: Sun Jan 6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64 x86_64 +# Darwin gibas.local 12.5.2 Darwin Kernel Version 12.3.0: Sun Jan 6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64 x86_64 $arch = 64; goodprint "Operating on 64-bit architecture"; } @@ -3180,7 +3183,7 @@ sub calculations { unless defined $mystat{'Innodb_buffer_pool_reads'}; $mycalc{'pct_read_efficiency'} = percentage( $mystat{'Innodb_buffer_pool_read_requests'}, - ( + ( $mystat{'Innodb_buffer_pool_read_requests'} + $mystat{'Innodb_buffer_pool_reads'} ) @@ -3211,6 +3214,12 @@ sub calculations { $mystat{'Innodb_buffer_pool_pages_total'} ) if defined $mystat{'Innodb_buffer_pool_pages_total'}; + $mycalc{'innodb_buffer_alloc_pct'} = select_one( + "select round( 100* sum(allocated)/( select VARIABLE_VALUE " + . "FROM performance_schema.global_variables " + . "WHERE VARIABLE_NAME='innodb_buffer_pool_size' ) ,2)" + . 'FROM sys.x\$innodb_buffer_stats_by_table;' ); + # Binlog Cache if ( $myvar{'log_bin'} ne 'OFF' ) { $mycalc{'pct_binlog_cache'} = percentage( @@ -6282,11 +6291,11 @@ sub mysql_innodb { . hr_bytes( $myvar{'innodb_log_buffer_size'} ); } if ( defined $mystat{'Innodb_buffer_pool_pages_free'} ) { - infoprint " +-- InnoDB Log Buffer Free: " + infoprint " +-- InnoDB Buffer Free: " . hr_bytes( $mystat{'Innodb_buffer_pool_pages_free'} ) . ""; } if ( defined $mystat{'Innodb_buffer_pool_pages_total'} ) { - infoprint " +-- InnoDB Log Buffer Used: " + infoprint " +-- InnoDB Buffer Used: " . hr_bytes( $mystat{'Innodb_buffer_pool_pages_total'} ) . ""; } } @@ -6355,6 +6364,21 @@ sub mysql_innodb { . hr_bytes( $enginestats{'InnoDB'} ) . ") if possible." ); } + + # select round( 100* sum(allocated)/( select VARIABLE_VALUE + # FROM performance_schema.global_variables + # where VARIABLE_NAME='innodb_buffer_pool_size' ) + # ,2) as "PCT ALLOC/BUFFER POOL" + #from sys.x$innodb_buffer_stats_by_table; + + if ( $mycalc{innodb_buffer_alloc_pct} < 80 ) { + badprint "Ratio Buffer Pool allocated / Buffer Pool Size: " + . $mycalc{'innodb_buffer_alloc_pct'} . '%'; + } + else { + goodprint "Ratio Buffer Pool allocated / Buffer Pool Size: " + . $mycalc{'innodb_buffer_alloc_pct'} . '%'; + } if ( $mycalc{'innodb_log_size_pct'} < 20 or $mycalc{'innodb_log_size_pct'} > 30 ) { @@ -6515,7 +6539,8 @@ sub mysql_innodb { . $mycalc{'pct_read_efficiency'} . "% (" . $mystat{'Innodb_buffer_pool_read_requests'} . " hits / " - . ( $mystat{'Innodb_buffer_pool_reads'} + $mystat{'Innodb_buffer_pool_read_requests'} ) + . ( $mystat{'Innodb_buffer_pool_reads'} + + $mystat{'Innodb_buffer_pool_read_requests'} ) . " total)"; } else { @@ -6523,7 +6548,8 @@ sub mysql_innodb { . $mycalc{'pct_read_efficiency'} . "% (" . $mystat{'Innodb_buffer_pool_read_requests'} . " hits / " - . ( $mystat{'Innodb_buffer_pool_reads'} + $mystat{'Innodb_buffer_pool_read_requests'} ) + . ( $mystat{'Innodb_buffer_pool_reads'} + + $mystat{'Innodb_buffer_pool_read_requests'} ) . " total)"; } @@ -6539,7 +6565,7 @@ sub mysql_innodb { . $mystat{'Innodb_log_write_requests'} . " total)"; push( @adjvars, - "innodb_log_buffer_size (> " + "innodb_log_buffer_size (> " . hr_bytes_rnd( $myvar{'innodb_log_buffer_size'} ) . ")" ); } @@ -6691,20 +6717,21 @@ sub mysql_databases { percentage( $totaldbinfo[2], $totaldbinfo[3] ) . "%"; $result{'Databases'}{'All databases'}{'Total Size'} = $totaldbinfo[3]; print "\n" unless ( $opt{'silent'} or $opt{'json'} ); - my $nbViews=0; - my $nbTables=0; + my $nbViews = 0; + my $nbTables = 0; + foreach (@dblist) { my @dbinfo = split /\s/, select_one( "SELECT TABLE_SCHEMA, SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH), SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(DISTINCT ENGINE), COUNT(TABLE_NAME), COUNT(DISTINCT(TABLE_COLLATION)), COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$_' GROUP BY TABLE_SCHEMA ORDER BY TABLE_SCHEMA" ); next unless defined $dbinfo[0]; - - infoprint "Database: " . $dbinfo[0] . ""; - $nbTables=select_one( + + infoprint "Database: " . $dbinfo[0] . ""; + $nbTables = select_one( "SELECT count(*) from information_schema.TABLES WHERE TABLE_TYPE ='BASE TABLE' AND TABLE_SCHEMA='$_'" - ); - infoprint " +-- TABLE : $nbTables"; + ); + infoprint " +-- TABLE : $nbTables"; infoprint " +-- VIEW : " . select_one( "SELECT count(*) from information_schema.TABLES WHERE TABLE_TYPE ='VIEW' AND TABLE_SCHEMA='$_'" @@ -6760,10 +6787,10 @@ sub mysql_databases { ) . " TABLE(s)"; } - if ( $nbTables == 0 ) { - badprint " No table in $dbinfo[0] database"; - next; - } + if ( $nbTables == 0 ) { + badprint " No table in $dbinfo[0] database"; + next; + } badprint "Index size is larger than data size for $dbinfo[0] \n" if ( $dbinfo[2] ne 'NULL' ) and ( $dbinfo[3] ne 'NULL' ) @@ -6774,7 +6801,7 @@ sub mysql_databases { . " storage engines. Be careful. \n"; push @generalrec, "Select one storage engine (InnoDB is a good choice) for all tables in $dbinfo[0] database ($dbinfo[5] engines detected)"; - } + } $result{'Databases'}{ $dbinfo[0] }{'Rows'} = $dbinfo[1]; $result{'Databases'}{ $dbinfo[0] }{'Tables'} = $dbinfo[6]; $result{'Databases'}{ $dbinfo[0] }{'Collations'} = $dbinfo[7]; @@ -7078,12 +7105,13 @@ sub mysql_indexes { infoprint " +-- COMMENT : " . $info[5] if defined $info[5]; $found++; } - my $nbTables=select_one( + my $nbTables = select_one( "SELECT count(*) from information_schema.TABLES WHERE TABLE_TYPE ='BASE TABLE' AND TABLE_SCHEMA='$dbname'" - ); - badprint "No index found for $dbname database" if $found == 0 and $nbTables>1; + ); + badprint "No index found for $dbname database" + if $found == 0 and $nbTables > 1; push @generalrec, "Add indexes on tables from $dbname database" - if $found == 0 and $nbTables>1; + if $found == 0 and $nbTables > 1; } return unless ( defined( $myvar{'performance_schema'} ) @@ -7371,7 +7399,7 @@ sub which { =head1 NAME - MySQLTuner 2.5.1 - MySQL High Performance Tuning Script + MySQLTuner 2.5.2 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES diff --git a/vulnerabilities.csv b/vulnerabilities.csv old mode 100644 new mode 100755 index 9c63495f6..708b8e172 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -1707,7 +1707,7 @@ 10.6.3;10;6;3;CVE-2022-27458;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28099 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" 2.1.1;2;1;1;CVE-2022-31026;Candidate;"Trilogy is a client library for MySQL. When authenticating; a malicious server could return a specially crafted authentication packet; causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers.";"CONFIRM:https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm | URL:https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm | MISC:https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962 | URL:https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962";Assigned (20220518);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-34968;Candidate;"An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.";"MISC:https://jira.percona.com/browse/PS-8294";Assigned (20220704);"None (candidate not yet proposed)";"" -6.5.0;6;5;0;CVE-2022-35866;Candidate;"This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.";"MISC:https://www.zerodayinitiative.com/advisories/ZDI-22-959/ | URL:https://www.zerodayinitiative.com/advisories/ZDI-22-959/";Assigned (20220714);"None (candidate not yet proposed)";"" +6.5.0;6;5;0;CVE-2022-35866;Candidate;"This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.";"FULLDISC:20240126 [Full Disclosure] CVE-2024-22901: Default MYSQL Credentials in Vinchin Backup & Recovery v7.2 and Earlier | URL:http://seclists.org/fulldisclosure/2024/Jan/30 | MISC:http://packetstormsecurity.com/files/176794/Vinchin-Backup-And-Recovery-7.2-Default-MySQL-Credentials.html | MISC:https://www.zerodayinitiative.com/advisories/ZDI-22-959/ | URL:https://www.zerodayinitiative.com/advisories/ZDI-22-959/";Assigned (20220714);"None (candidate not yet proposed)";"" 1.15.2;1;15;2;CVE-2022-39312;Candidate;"Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease; the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`; the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC url and connects to a malicious mysql server; the attacker can trigger the mysql jdbc deserialization vulnerability. Through the deserialization vulnerability; the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue.";"CONFIRM:https://github.com/dataease/dataease/security/advisories/GHSA-q4qq-jhjv-7rh2 | URL:https://github.com/dataease/dataease/security/advisories/GHSA-q4qq-jhjv-7rh2 | MISC:https://github.com/dataease/dataease/commit/956ee2d6c9e81349a60aef435efc046888e10a6d | URL:https://github.com/dataease/dataease/commit/956ee2d6c9e81349a60aef435efc046888e10a6d | MISC:https://github.com/dataease/dataease/pull/3328 | URL:https://github.com/dataease/dataease/pull/3328 | MISC:https://github.com/dataease/dataease/releases/tag/v1.15.2 | URL:https://github.com/dataease/dataease/releases/tag/v1.15.2";Assigned (20220902);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-39400;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-39408;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" @@ -1804,9 +1804,9 @@ 8.0.34;8;0;34;CVE-2023-22078;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22078;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22079;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" -5.7.43;5;7;43;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" -8.0.34;8;0;34;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" -8.1.0;8;1;0;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +5.7.43;5;7;43;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html | MLIST:[debian-lts-announce] 20240127 [SECURITY] [DLA 3722-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.34;8;0;34;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html | MLIST:[debian-lts-announce] 20240127 [SECURITY] [DLA 3722-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.1.0;8;1;0;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html | MLIST:[debian-lts-announce] 20240127 [SECURITY] [DLA 3722-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22092;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 1.6.8;1;6;8;CVE-2023-22094;Candidate;"Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Installer; attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Installer accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Installer. Note: This patch is used in MySQL Server bundled version 8.0.35 and 5.7.44. CVSS 3.1 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2023-22094;Candidate;"Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Installer; attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Installer accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Installer. Note: This patch is used in MySQL Server bundled version 8.0.35 and 5.7.44. CVSS 3.1 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" @@ -1842,3 +1842,25 @@ 15.0.0;15;0;0;CVE-2023-34362;Candidate;"In Progress MOVEit Transfer before 2021.0.6 (13.0.6); 2021.1.4 (13.1.4); 2022.0.4 (14.0.4); 2022.1.5 (14.1.5); and 2023.0.1 (15.0.1); a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g.; 2020.0 and 2019x) before the five explicitly mentioned versions are affected; including older unsupported versions.";"MISC:http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | MISC:https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023";Assigned (20230602);"None (candidate not yet proposed)";"" 2.37.0;2;37;0;CVE-2023-34409;Candidate;"In Percona Monitoring and Management (PMM) server 2.x before 2.37.1; the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user; when a crafted POST request is made against unauthenticated API routes; to access otherwise protected API routes leading to escalation of privileges and information disclosure.";"MISC:https://www.percona.com/blog/pmm-authentication-bypass-vulnerability-fixed-in-2-37-1/";Assigned (20230605);"None (candidate not yet proposed)";"" 14.49.0;14;49;0;CVE-2023-46127;Candidate;"Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0.";"MISC:https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900 | URL:https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900 | MISC:https://github.com/frappe/frappe/pull/22339 | URL:https://github.com/frappe/frappe/pull/22339 | MISC:https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98 | URL:https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98";Assigned (20231016);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20961;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20961;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20963;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20963;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20965;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20965;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20967;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20967;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20969;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20969;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20971;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20971;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20973;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20973;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20975;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20977;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20977;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20981;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20981;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.34;8;0;34;CVE-2024-20983;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20985;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20985;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";""