From 27525ca922a74d1df5c53c4d3ed1a1f07029919c Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Sun, 4 Feb 2024 00:31:54 +0100 Subject: [PATCH 1/5] Fix issue in Buffer Pool instead of Log Buffer Pool --- mysqltuner.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) mode change 100755 => 100644 mysqltuner.pl diff --git a/mysqltuner.pl b/mysqltuner.pl old mode 100755 new mode 100644 index f9c4dae9f..a088a1123 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -6282,11 +6282,11 @@ sub mysql_innodb { . hr_bytes( $myvar{'innodb_log_buffer_size'} ); } if ( defined $mystat{'Innodb_buffer_pool_pages_free'} ) { - infoprint " +-- InnoDB Log Buffer Free: " + infoprint " +-- InnoDB Buffer Free: " . hr_bytes( $mystat{'Innodb_buffer_pool_pages_free'} ) . ""; } if ( defined $mystat{'Innodb_buffer_pool_pages_total'} ) { - infoprint " +-- InnoDB Log Buffer Used: " + infoprint " +-- InnoDB Buffer Used: " . hr_bytes( $mystat{'Innodb_buffer_pool_pages_total'} ) . ""; } } From b3a776576e7e568143797d62b754d9f992ffd1db Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Sun, 4 Feb 2024 00:34:49 +0100 Subject: [PATCH 2/5] Two separate garb install script with or without SSL --- mysqltuner.pl | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 mysqltuner.pl diff --git a/mysqltuner.pl b/mysqltuner.pl old mode 100644 new mode 100755 From 30d1d9ecc61393ec807d2596ef8b5e178a4b52cd Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Tue, 6 Feb 2024 17:58:35 +0100 Subject: [PATCH 3/5] Generate 2.5.2 sub version at 2024-02-06T17:58:35+01:00 --- USAGE.md | 2 +- mysqltuner.pl | 104 +++++++++++++++++++++++++++++--------------------- 2 files changed, 62 insertions(+), 44 deletions(-) diff --git a/USAGE.md b/USAGE.md index d344d611a..c63d361b3 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,6 +1,6 @@ # NAME - MySQLTuner 2.5.1 - MySQL High Performance Tuning Script + MySQLTuner 2.5.2 - MySQL High Performance Tuning Script # IMPORTANT USAGE GUIDELINES 
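Review bot: In the `mysql_innodb` hunk of patch 1/5, the relabelled lines still pass `Innodb_buffer_pool_pages_free` and `Innodb_buffer_pool_pages_total` to `hr_bytes`, but both status counters are page counts, not bytes, and the line labelled "Used" prints the total rather than total minus free. The output therefore understates the pool by a factor of the page size and reports a "used" figure that never changes with load. Assuming `%myvar` carries `innodb_page_size` (not visible in this hunk), the free line could print `hr_bytes( $mystat{'Innodb_buffer_pool_pages_free'} * $myvar{'innodb_page_size'} )` and the used line `hr_bytes( ( $mystat{'Innodb_buffer_pool_pages_total'} - $mystat{'Innodb_buffer_pool_pages_free'} ) * $myvar{'innodb_page_size'} )`. The body of `mysql_innodb` starts and ends outside the hunk.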
diff --git a/mysqltuner.pl b/mysqltuner.pl index a088a1123..8c0931d30 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,4 @@ -#!/usr/bin/env perl -# mysqltuner.pl - Version 2.5.1 +# mysqltuner.pl - Version 2.5.2 # High Performance MySQL Tuning Script # Copyright (C) 2015-2023 Jean-Marie Renouard - jmrenouard@gmail.com # Copyright (C) 2006-2023 Major Hayden - major@mhtx.net @@ -57,7 +56,7 @@ package main; #use Env; # Set up a few variables for use in the script -my $tunerversion = "2.5.1"; +my $tunerversion = "2.5.2"; my ( @adjvars, @generalrec ); # Set defaults @@ -197,7 +196,7 @@ package main; $opt{pass} = $opt{password} if ( $opt{pass} eq 0 and $opt{password} ne 0 ); if ( $opt{dumpdir} ne '' ) { - $opt{dumpdir} = abs_path( $opt{dumpdir} ); + $opt{dumpdir}= abs_path($opt{dumpdir}); if ( !-d $opt{dumpdir} ) { mkdir $opt{dumpdir} or die "Cannot create directory $opt{dumpdir}: $!"; } @@ -2526,7 +2525,7 @@ sub check_architecture { } elsif ( `uname` =~ /Darwin/ && `uname -m` =~ /x86_64/ ) { -# Darwin gibas.local 12.5.1 Darwin Kernel Version 12.3.0: Sun Jan 6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64 x86_64 +# Darwin gibas.local 12.5.2 Darwin Kernel Version 12.3.0: Sun Jan 6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64 x86_64 $arch = 64; goodprint "Operating on 64-bit architecture"; } @@ -3211,6 +3210,11 @@ sub calculations { $mystat{'Innodb_buffer_pool_pages_total'} ) if defined $mystat{'Innodb_buffer_pool_pages_total'}; + $mycalc{'innodb_buffer_alloc_pct'}=select_one( + "select round( 100* sum(allocated)/( select VARIABLE_VALUE ". + "FROM performance_schema.global_variables " . + "WHERE VARIABLE_NAME='innodb_buffer_pool_size' ) ,2)". + 'FROM sys.x\$innodb_buffer_stats_by_table;'); # Binlog Cache if ( $myvar{'log_bin'} ne 'OFF' ) { $mycalc{'pct_binlog_cache'} = percentage( 
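Review bot: The `@@ -1,5 +1,4 @@` hunk of patch 3/5 deletes `#!/usr/bin/env perl` along with the old version comment, while the index line keeps the file at mode 100755. A file that is executable but has no interpreter line is handed to whatever the calling shell does with it instead of to perl, so `./mysqltuner.pl` stops working. Line 1 should be restored as `#!/usr/bin/env perl`. The same version substitution also rewrote the sample `uname` output in the `check_architecture` comment (`@@ -2526,7`) from `12.5.1` to `12.5.2`, which suggests the release step replaces the version string unanchored; it should match only the `# mysqltuner.pl - Version` comment, `$tunerversion` and the POD `NAME` line.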
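Review bot: The `select_one` added to `calculations` (`@@ -3211,6 +3210,11`) queries `sys.x$innodb_buffer_stats_by_table` on every run, with no check that the `sys` schema exists or that the connecting account may read it and `performance_schema.global_variables`. That view is built on `information_schema.INNODB_BUFFER_PAGE`, which the MySQL manual warns is costly to query on a production server with a large buffer pool. It also widens the grants the tuner account needs. The call should be guarded, for example by wrapping it in `if ( defined $myvar{'performance_schema'} and $myvar{'performance_schema'} eq 'ON' ) { ... }` plus a check that the `sys` view is present, and ideally made opt-in. The concatenation also yields `,2)FROM` with no separating space, so the fragment would read better as `' FROM sys.x\$innodb_buffer_stats_by_table;'`. `calculations` continues outside the hunk.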
@@ -6355,46 +6359,60 @@ sub mysql_innodb { . hr_bytes( $enginestats{'InnoDB'} ) . ") if possible." ); } + + # select round( 100* sum(allocated)/( select VARIABLE_VALUE + # FROM performance_schema.global_variables + # where VARIABLE_NAME='innodb_buffer_pool_size' ) + # ,2) as "PCT ALLOC/BUFFER POOL" + #from sys.x$innodb_buffer_stats_by_table; + + if ($mycalc{innodb_buffer_alloc_pct} < 80) { + badprint "Ratio Buffer Pool allocated / Buffer Pool Size: ". + $mycalc{'innodb_buffer_alloc_pct'} . '%'; + } else { + goodprint "Ratio Buffer Pool allocated / Buffer Pool Size: ". + $mycalc{'innodb_buffer_alloc_pct'} . '%'; + } if ( $mycalc{'innodb_log_size_pct'} < 20 or $mycalc{'innodb_log_size_pct'} > 30 ) { - if ( defined $myvar{'innodb_redo_log_capacity'} ) { - badprint - "Ratio InnoDB redo log capacity / InnoDB Buffer pool size (" - . $mycalc{'innodb_log_size_pct'} . "%): " - . hr_bytes( $myvar{'innodb_redo_log_capacity'} ) . " / " - . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) - . " should be equal to 25%"; - push( @adjvars, - "innodb_redo_log_capacity should be (=" - . hr_bytes_rnd( $myvar{'innodb_buffer_pool_size'} / 4 ) - . ") if possible, so InnoDB Redo log Capacity equals 25% of buffer pool size." - ); - push( @generalrec, -"Be careful, increasing innodb_redo_log_capacity means higher crash recovery mean time" - ); - } - else { - badprint "Ratio InnoDB log file size / InnoDB Buffer pool size (" - . $mycalc{'innodb_log_size_pct'} . "%): " - . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " - . $myvar{'innodb_log_files_in_group'} . " / " - . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) - . " should be equal to 25%"; - push( - @adjvars, - "innodb_log_file_size should be (=" - . hr_bytes_rnd( - $myvar{'innodb_buffer_pool_size'} / - $myvar{'innodb_log_files_in_group'} / 4 - ) - . ") if possible, so InnoDB total log file size equals 25% of buffer pool size." 
- ); - push( @generalrec, -"Be careful, increasing innodb_log_file_size / innodb_log_files_in_group means higher crash recovery mean time" - ); - } - if ( mysql_version_le( 5, 6, 2 ) ) { + if ( defined $myvar{'innodb_redo_log_capacity'} ) { + badprint + "Ratio InnoDB redo log capacity / InnoDB Buffer pool size (" + . $mycalc{'innodb_log_size_pct'} . "%): " + . hr_bytes( $myvar{'innodb_redo_log_capacity'} ) . " / " + . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) + . " should be equal to 25%"; + push( @adjvars, + "innodb_redo_log_capacity should be (=" + . hr_bytes_rnd( $myvar{'innodb_buffer_pool_size'} / 4 ) + . ") if possible, so InnoDB Redo log Capacity equals 25% of buffer pool size." + ); + push( @generalrec, + "Be careful, increasing innodb_redo_log_capacity means higher crash recovery mean time" + ); + } + else { + badprint "Ratio InnoDB log file size / InnoDB Buffer pool size (" + . $mycalc{'innodb_log_size_pct'} . "%): " + . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " + . $myvar{'innodb_log_files_in_group'} . " / " + . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) + . " should be equal to 25%"; + push( + @adjvars, + "innodb_log_file_size should be (=" + . hr_bytes_rnd( + $myvar{'innodb_buffer_pool_size'} / + $myvar{'innodb_log_files_in_group'} / 4 + ) + . ") if possible, so InnoDB total log file size equals 25% of buffer pool size." + ); + push( @generalrec, + "Be careful, increasing innodb_log_file_size / innodb_log_files_in_group means higher crash recovery mean time" + ); + } + if ( mysql_version_le( 5, 6, 2 ) ) { push( @generalrec, "For MySQL 5.6.2 and lower, total innodb_log_file_size should have a ceiling of (4096MB / log files in group) - 1MB." ); @@ -7371,7 +7389,7 @@ sub which { =head1 NAME - MySQLTuner 2.5.1 - MySQL High Performance Tuning Script + MySQLTuner 2.5.2 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From dd2ed7264295a6d328c59c7c395eeb9be933fdde Mon Sep 17 00:00:00 2001 
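Review bot: The new test `if ($mycalc{innodb_buffer_alloc_pct} < 80)` in `mysql_innodb` compares the query result numerically without checking that it holds a number. If the `sys` query returned nothing, or the text `NULL` (server without the `sys` schema, missing privilege, empty buffer statistics), Perl evaluates the value as 0 and prints a `badprint` ratio that was never measured, with an uninitialized-value warning if warnings are enabled. The check should be skipped unless the value is usable, for example `if ( defined $mycalc{'innodb_buffer_alloc_pct'} and $mycalc{'innodb_buffer_alloc_pct'} =~ /^\d+(?:\.\d+)?$/ ) { ... }` around the existing `badprint`/`goodprint` pair. The five-line commented-out SQL above it duplicates the query in `calculations` and could be replaced by `# Buffer pool allocation ratio, computed in calculations()`. The rest of this hunk only re-indents the redo-log block, and `mysql_innodb` extends outside the hunk on both sides.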
From: Jean-Marie Renouard Date: Tue, 6 Feb 2024 17:58:57 +0100 Subject: [PATCH 4/5] Indenting mysqltuner at 2024-02-06T17:58:52+01:00 --- mysqltuner.pl | 166 ++++++++++++++++++++++++++------------------------ 1 file changed, 88 insertions(+), 78 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 8c0931d30..3a755318e 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -196,7 +196,7 @@ package main; $opt{pass} = $opt{password} if ( $opt{pass} eq 0 and $opt{password} ne 0 ); if ( $opt{dumpdir} ne '' ) { - $opt{dumpdir}= abs_path($opt{dumpdir}); + $opt{dumpdir} = abs_path( $opt{dumpdir} ); if ( !-d $opt{dumpdir} ) { mkdir $opt{dumpdir} or die "Cannot create directory $opt{dumpdir}: $!"; } @@ -237,8 +237,9 @@ package main; if ( not defined( $opt{structstat} ) or $opt{nostructstat} == 1 ) ; # Don't print table struct information $opt{myisamstat} = 1 - if ( not defined( $opt{myisamstat} )); -$opt{myisamstat} = 0 if ($opt{nomyisamstat} == 1 ); # Don't print MyISAM table information + if ( not defined( $opt{myisamstat} ) ); +$opt{myisamstat} = 0 + if ( $opt{nomyisamstat} == 1 ); # Don't print MyISAM table information # for RPM distributions $opt{cvefile} = "/usr/share/mysqltuner/vulnerabilities.csv" @@ -814,7 +815,8 @@ sub mysql_setup { if ( $opt{socket} ne 0 ) { if ( $opt{port} ne 0 ) { $remotestring = " -S $opt{socket} -P $opt{port}"; - } else { + } + else { $remotestring = " -S $opt{socket}"; } } @@ -1579,7 +1581,9 @@ sub log_file_recommendations { $numLi++; debugprint "$numLi: $logLi" if $logLi =~ /warning|error/i and $logLi !~ /Logging to/; - $nbErrLog++ if $logLi =~ /error/i and $logLi !~ /(Logging to|\[Warning\].*ERROR_FOR_DIVISION_BY_ZERO)/; + $nbErrLog++ + if $logLi =~ /error/i + and $logLi !~ /(Logging to|\[Warning\].*ERROR_FOR_DIVISION_BY_ZERO)/; $nbWarnLog++ if $logLi =~ /warning/i; push @lastShutdowns, $logLi if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i; 
@@ -3179,7 +3183,7 @@ sub calculations { unless defined $mystat{'Innodb_buffer_pool_reads'}; $mycalc{'pct_read_efficiency'} = percentage( $mystat{'Innodb_buffer_pool_read_requests'}, - ( + ( $mystat{'Innodb_buffer_pool_read_requests'} + $mystat{'Innodb_buffer_pool_reads'} ) @@ -3210,11 +3214,12 @@ sub calculations { $mystat{'Innodb_buffer_pool_pages_total'} ) if defined $mystat{'Innodb_buffer_pool_pages_total'}; - $mycalc{'innodb_buffer_alloc_pct'}=select_one( - "select round( 100* sum(allocated)/( select VARIABLE_VALUE ". - "FROM performance_schema.global_variables " . - "WHERE VARIABLE_NAME='innodb_buffer_pool_size' ) ,2)". - 'FROM sys.x\$innodb_buffer_stats_by_table;'); + $mycalc{'innodb_buffer_alloc_pct'} = select_one( + "select round( 100* sum(allocated)/( select VARIABLE_VALUE " + . "FROM performance_schema.global_variables " + . "WHERE VARIABLE_NAME='innodb_buffer_pool_size' ) ,2)" + . 'FROM sys.x\$innodb_buffer_stats_by_table;' ); + # Binlog Cache if ( $myvar{'log_bin'} ne 'OFF' ) { $mycalc{'pct_binlog_cache'} = percentage( 
@@ -6360,59 +6365,60 @@ sub mysql_innodb { . ") if possible." ); } - # select round( 100* sum(allocated)/( select VARIABLE_VALUE - # FROM performance_schema.global_variables - # where VARIABLE_NAME='innodb_buffer_pool_size' ) - # ,2) as "PCT ALLOC/BUFFER POOL" - #from sys.x$innodb_buffer_stats_by_table; + # select round( 100* sum(allocated)/( select VARIABLE_VALUE + # FROM performance_schema.global_variables + # where VARIABLE_NAME='innodb_buffer_pool_size' ) + # ,2) as "PCT ALLOC/BUFFER POOL" + #from sys.x$innodb_buffer_stats_by_table; - if ($mycalc{innodb_buffer_alloc_pct} < 80) { - badprint "Ratio Buffer Pool allocated / Buffer Pool Size: ". - $mycalc{'innodb_buffer_alloc_pct'} . '%'; - } else { - goodprint "Ratio Buffer Pool allocated / Buffer Pool Size: ". - $mycalc{'innodb_buffer_alloc_pct'} . '%'; + if ( $mycalc{innodb_buffer_alloc_pct} < 80 ) { + badprint "Ratio Buffer Pool allocated / Buffer Pool Size: " + . $mycalc{'innodb_buffer_alloc_pct'} . '%'; + } + else { + goodprint "Ratio Buffer Pool allocated / Buffer Pool Size: " + . $mycalc{'innodb_buffer_alloc_pct'} . '%'; } if ( $mycalc{'innodb_log_size_pct'} < 20 or $mycalc{'innodb_log_size_pct'} > 30 ) { - if ( defined $myvar{'innodb_redo_log_capacity'} ) { - badprint - "Ratio InnoDB redo log capacity / InnoDB Buffer pool size (" - . $mycalc{'innodb_log_size_pct'} . "%): " - . hr_bytes( $myvar{'innodb_redo_log_capacity'} ) . " / " - . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) - . " should be equal to 25%"; - push( @adjvars, - "innodb_redo_log_capacity should be (=" - . hr_bytes_rnd( $myvar{'innodb_buffer_pool_size'} / 4 ) - . ") if possible, so InnoDB Redo log Capacity equals 25% of buffer pool size." - ); - push( @generalrec, - "Be careful, increasing innodb_redo_log_capacity means higher crash recovery mean time" - ); - } - else { - badprint "Ratio InnoDB log file size / InnoDB Buffer pool size (" - . $mycalc{'innodb_log_size_pct'} . "%): " - . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " - . 
$myvar{'innodb_log_files_in_group'} . " / " - . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) - . " should be equal to 25%"; - push( - @adjvars, - "innodb_log_file_size should be (=" - . hr_bytes_rnd( - $myvar{'innodb_buffer_pool_size'} / - $myvar{'innodb_log_files_in_group'} / 4 - ) - . ") if possible, so InnoDB total log file size equals 25% of buffer pool size." - ); - push( @generalrec, - "Be careful, increasing innodb_log_file_size / innodb_log_files_in_group means higher crash recovery mean time" - ); - } - if ( mysql_version_le( 5, 6, 2 ) ) { + if ( defined $myvar{'innodb_redo_log_capacity'} ) { + badprint + "Ratio InnoDB redo log capacity / InnoDB Buffer pool size (" + . $mycalc{'innodb_log_size_pct'} . "%): " + . hr_bytes( $myvar{'innodb_redo_log_capacity'} ) . " / " + . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) + . " should be equal to 25%"; + push( @adjvars, + "innodb_redo_log_capacity should be (=" + . hr_bytes_rnd( $myvar{'innodb_buffer_pool_size'} / 4 ) + . ") if possible, so InnoDB Redo log Capacity equals 25% of buffer pool size." + ); + push( @generalrec, +"Be careful, increasing innodb_redo_log_capacity means higher crash recovery mean time" + ); + } + else { + badprint "Ratio InnoDB log file size / InnoDB Buffer pool size (" + . $mycalc{'innodb_log_size_pct'} . "%): " + . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " + . $myvar{'innodb_log_files_in_group'} . " / " + . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) + . " should be equal to 25%"; + push( + @adjvars, + "innodb_log_file_size should be (=" + . hr_bytes_rnd( + $myvar{'innodb_buffer_pool_size'} / + $myvar{'innodb_log_files_in_group'} / 4 + ) + . ") if possible, so InnoDB total log file size equals 25% of buffer pool size." 
+ ); + push( @generalrec, +"Be careful, increasing innodb_log_file_size / innodb_log_files_in_group means higher crash recovery mean time" + ); + } + if ( mysql_version_le( 5, 6, 2 ) ) { push( @generalrec, "For MySQL 5.6.2 and lower, total innodb_log_file_size should have a ceiling of (4096MB / log files in group) - 1MB." ); @@ -6533,7 +6539,8 @@ sub mysql_innodb { . $mycalc{'pct_read_efficiency'} . "% (" . $mystat{'Innodb_buffer_pool_read_requests'} . " hits / " - . ( $mystat{'Innodb_buffer_pool_reads'} + $mystat{'Innodb_buffer_pool_read_requests'} ) + . ( $mystat{'Innodb_buffer_pool_reads'} + + $mystat{'Innodb_buffer_pool_read_requests'} ) . " total)"; } else { @@ -6541,7 +6548,8 @@ sub mysql_innodb { . $mycalc{'pct_read_efficiency'} . "% (" . $mystat{'Innodb_buffer_pool_read_requests'} . " hits / " - . ( $mystat{'Innodb_buffer_pool_reads'} + $mystat{'Innodb_buffer_pool_read_requests'} ) + . ( $mystat{'Innodb_buffer_pool_reads'} + + $mystat{'Innodb_buffer_pool_read_requests'} ) . " total)"; } @@ -6557,7 +6565,7 @@ sub mysql_innodb { . $mystat{'Innodb_log_write_requests'} . " total)"; push( @adjvars, - "innodb_log_buffer_size (> " + "innodb_log_buffer_size (> " . hr_bytes_rnd( $myvar{'innodb_log_buffer_size'} ) . ")" ); } 
@@ -6709,20 +6717,21 @@ sub mysql_databases { percentage( $totaldbinfo[2], $totaldbinfo[3] ) . "%"; $result{'Databases'}{'All databases'}{'Total Size'} = $totaldbinfo[3]; print "\n" unless ( $opt{'silent'} or $opt{'json'} ); - my $nbViews=0; - my $nbTables=0; + my $nbViews = 0; + my $nbTables = 0; + foreach (@dblist) { my @dbinfo = split /\s/, select_one( "SELECT TABLE_SCHEMA, SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH), SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(DISTINCT ENGINE), COUNT(TABLE_NAME), COUNT(DISTINCT(TABLE_COLLATION)), COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$_' GROUP BY TABLE_SCHEMA ORDER BY TABLE_SCHEMA" ); next unless defined $dbinfo[0]; - - infoprint "Database: " . $dbinfo[0] . ""; - $nbTables=select_one( + + infoprint "Database: " . $dbinfo[0] . ""; + $nbTables = select_one( "SELECT count(*) from information_schema.TABLES WHERE TABLE_TYPE ='BASE TABLE' AND TABLE_SCHEMA='$_'" - ); - infoprint " +-- TABLE : $nbTables"; + ); + infoprint " +-- TABLE : $nbTables"; infoprint " +-- VIEW : " . select_one( "SELECT count(*) from information_schema.TABLES WHERE TABLE_TYPE ='VIEW' AND TABLE_SCHEMA='$_'" @@ -6778,10 +6787,10 @@ sub mysql_databases { ) . " TABLE(s)"; } - if ( $nbTables == 0 ) { - badprint " No table in $dbinfo[0] database"; - next; - } + if ( $nbTables == 0 ) { + badprint " No table in $dbinfo[0] database"; + next; + } badprint "Index size is larger than data size for $dbinfo[0] \n" if ( $dbinfo[2] ne 'NULL' ) and ( $dbinfo[3] ne 'NULL' ) @@ -6792,7 +6801,7 @@ sub mysql_databases { . " storage engines. Be careful. \n"; push @generalrec, "Select one storage engine (InnoDB is a good choice) for all tables in $dbinfo[0] database ($dbinfo[5] engines detected)"; - } + } $result{'Databases'}{ $dbinfo[0] }{'Rows'} = $dbinfo[1]; $result{'Databases'}{ $dbinfo[0] }{'Tables'} = $dbinfo[6]; $result{'Databases'}{ $dbinfo[0] }{'Collations'} = $dbinfo[7]; 
@@ -7096,12 +7105,13 @@ sub mysql_indexes { infoprint " +-- COMMENT : " . $info[5] if defined $info[5]; $found++; } - my $nbTables=select_one( + my $nbTables = select_one( "SELECT count(*) from information_schema.TABLES WHERE TABLE_TYPE ='BASE TABLE' AND TABLE_SCHEMA='$dbname'" - ); - badprint "No index found for $dbname database" if $found == 0 and $nbTables>1; + ); + badprint "No index found for $dbname database" + if $found == 0 and $nbTables > 1; push @generalrec, "Add indexes on tables from $dbname database" - if $found == 0 and $nbTables>1; + if $found == 0 and $nbTables > 1; } return unless ( defined( $myvar{'performance_schema'} ) From 4fdd80139269691828c0a27ff583b2ee49987451 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Tue, 6 Feb 2024 18:00:04 +0100 Subject: [PATCH 5/5] Generate CVE list at 2024-02-06T17:59:02+01:00 --- vulnerabilities.csv | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) mode change 100644 => 100755 vulnerabilities.csv diff --git a/vulnerabilities.csv b/vulnerabilities.csv old mode 100644 new mode 100755 index 9c63495f6..708b8e172 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv 
@@ -1707,7 +1707,7 @@ 10.6.3;10;6;3;CVE-2022-27458;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28099 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" 2.1.1;2;1;1;CVE-2022-31026;Candidate;"Trilogy is a client library for MySQL. When authenticating; a malicious server could return a specially crafted authentication packet; causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers.";"CONFIRM:https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm | URL:https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm | MISC:https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962 | URL:https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962";Assigned (20220518);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-34968;Candidate;"An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.";"MISC:https://jira.percona.com/browse/PS-8294";Assigned (20220704);"None (candidate not yet proposed)";"" -6.5.0;6;5;0;CVE-2022-35866;Candidate;"This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. 
The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.";"MISC:https://www.zerodayinitiative.com/advisories/ZDI-22-959/ | URL:https://www.zerodayinitiative.com/advisories/ZDI-22-959/";Assigned (20220714);"None (candidate not yet proposed)";"" +6.5.0;6;5;0;CVE-2022-35866;Candidate;"This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.";"FULLDISC:20240126 [Full Disclosure] CVE-2024-22901: Default MYSQL Credentials in Vinchin Backup & Recovery v7.2 and Earlier | URL:http://seclists.org/fulldisclosure/2024/Jan/30 | MISC:http://packetstormsecurity.com/files/176794/Vinchin-Backup-And-Recovery-7.2-Default-MySQL-Credentials.html | MISC:https://www.zerodayinitiative.com/advisories/ZDI-22-959/ | URL:https://www.zerodayinitiative.com/advisories/ZDI-22-959/";Assigned (20220714);"None (candidate not yet proposed)";"" 1.15.2;1;15;2;CVE-2022-39312;Candidate;"Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease; the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`; the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC url and connects to a malicious mysql server; the attacker can trigger the mysql jdbc deserialization vulnerability. 
Through the deserialization vulnerability; the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue.";"CONFIRM:https://github.com/dataease/dataease/security/advisories/GHSA-q4qq-jhjv-7rh2 | URL:https://github.com/dataease/dataease/security/advisories/GHSA-q4qq-jhjv-7rh2 | MISC:https://github.com/dataease/dataease/commit/956ee2d6c9e81349a60aef435efc046888e10a6d | URL:https://github.com/dataease/dataease/commit/956ee2d6c9e81349a60aef435efc046888e10a6d | MISC:https://github.com/dataease/dataease/pull/3328 | URL:https://github.com/dataease/dataease/pull/3328 | MISC:https://github.com/dataease/dataease/releases/tag/v1.15.2 | URL:https://github.com/dataease/dataease/releases/tag/v1.15.2";Assigned (20220902);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-39400;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-39408;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" 
@@ -1804,9 +1804,9 @@ 8.0.34;8;0;34;CVE-2023-22078;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22078;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22079;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" -5.7.43;5;7;43;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" -8.0.34;8;0;34;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" -8.1.0;8;1;0;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" +5.7.43;5;7;43;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html | MLIST:[debian-lts-announce] 20240127 [SECURITY] [DLA 3722-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.0.34;8;0;34;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html | MLIST:[debian-lts-announce] 20240127 [SECURITY] [DLA 3722-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html";Assigned (20221217);"None (candidate not yet proposed)";"" +8.1.0;8;1;0;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html | MLIST:[debian-lts-announce] 20240127 [SECURITY] [DLA 3722-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22092;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 1.6.8;1;6;8;CVE-2023-22094;Candidate;"Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Installer; attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Installer accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Installer. Note: This patch is used in MySQL Server bundled version 8.0.35 and 5.7.44. CVSS 3.1 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2023-22094;Candidate;"Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Installer; attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Installer accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Installer. Note: This patch is used in MySQL Server bundled version 8.0.35 and 5.7.44. CVSS 3.1 Base Score 7.9 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 
@@ -1842,3 +1842,25 @@ 15.0.0;15;0;0;CVE-2023-34362;Candidate;"In Progress MOVEit Transfer before 2021.0.6 (13.0.6); 2021.1.4 (13.1.4); 2022.0.4 (14.0.4); 2022.1.5 (14.1.5); and 2023.0.1 (15.0.1); a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g.; 2020.0 and 2019x) before the five explicitly mentioned versions are affected; including older unsupported versions.";"MISC:http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | MISC:https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023";Assigned (20230602);"None (candidate not yet proposed)";"" 2.37.0;2;37;0;CVE-2023-34409;Candidate;"In Percona Monitoring and Management (PMM) server 2.x before 2.37.1; the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. 
This allows an unauthenticated remote user; when a crafted POST request is made against unauthenticated API routes; to access otherwise protected API routes leading to escalation of privileges and information disclosure.";"MISC:https://www.percona.com/blog/pmm-authentication-bypass-vulnerability-fixed-in-2-37-1/";Assigned (20230605);"None (candidate not yet proposed)";"" 14.49.0;14;49;0;CVE-2023-46127;Candidate;"Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0.";"MISC:https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900 | URL:https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900 | MISC:https://github.com/frappe/frappe/pull/22339 | URL:https://github.com/frappe/frappe/pull/22339 | MISC:https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98 | URL:https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98";Assigned (20231016);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20961;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20961;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20963;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20963;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20965;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20965;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20967;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20967;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20969;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20969;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20971;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20971;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20973;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20973;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20975;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20977;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20977;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20981;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20981;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.34;8;0;34;CVE-2024-20983;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.0.35;8;0;35;CVE-2024-20985;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" +8.2.0;8;2;0;CVE-2024-20985;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";""