rpm package
almalinux/mysql-common
pkg:rpm/almalinux/mysql-common
Vulnerabilities (505)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-21522 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multipl | ||
| CVE-2025-21521 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access vi | ||
| CVE-2025-21520 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastru | ||
| CVE-2025-21519 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network a | ||
| CVE-2025-21518 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult | ||
| CVE-2025-21505 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network acce | ||
| CVE-2025-21504 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mul | ||
| CVE-2025-21503 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto | ||
| CVE-2025-21501 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult | ||
| CVE-2025-21500 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult | ||
| CVE-2025-21497 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto | ||
| CVE-2025-21494 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to | ||
| CVE-2025-21491 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto | ||
| CVE-2025-21490 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto | ||
| CVE-2024-13176 | Med | 4.1 | < 8.4.6-1.module_el9.6.0+180+a4e757e5 | 8.4.6-1.module_el9.6.0+180+a4e757e5 | Jan 20, 2025 | Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measurin | |
| CVE-2024-11053 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Dec 11, 2024 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect | ||
| CVE-2024-21247 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mul | ||
| CVE-2024-21241 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mul | ||
| CVE-2024-21239 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto | ||
| CVE-2024-21238 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access v |
- CVE-2025-21522Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multipl
- CVE-2025-21521Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access vi
- CVE-2025-21520Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastru
- CVE-2025-21519Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network a
- CVE-2025-21518Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult
- CVE-2025-21505Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network acce
- CVE-2025-21504Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mul
- CVE-2025-21503Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
- CVE-2025-21501Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult
- CVE-2025-21500Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult
- CVE-2025-21497Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
- CVE-2025-21494Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to
- CVE-2025-21491Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
- CVE-2025-21490Jan 21, 2025affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
- affected < 8.4.6-1.module_el9.6.0+180+a4e757e5fixed 8.4.6-1.module_el9.6.0+180+a4e757e5
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measurin
- CVE-2024-11053Dec 11, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect
- CVE-2024-21247Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mul
- CVE-2024-21241Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mul
- CVE-2024-21239Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
- CVE-2024-21238Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access v
Page 6 of 26