VYPR

rpm package

almalinux/mysql-common

pkg:rpm/almalinux/mysql-common

Vulnerabilities (505)

  • CVE-2024-21237Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network

  • CVE-2024-21236Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto

  • CVE-2024-21231Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via mult

  • CVE-2024-21230Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult

  • CVE-2024-21219Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple

  • CVE-2024-21218Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto

  • CVE-2024-21213Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where

  • CVE-2024-21212Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor). Supported versions that are affected are 8.0.39 and prior and 8.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to c

  • CVE-2024-21203Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple

  • CVE-2024-21201Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mul

  • CVE-2024-21199Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto

  • CVE-2024-21198Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple

  • CVE-2024-21197Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network acces

  • CVE-2024-21196Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multi

  • CVE-2024-21194Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto

  • CVE-2024-21193Oct 15, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple p

  • CVE-2024-7264Jul 31, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer t

  • CVE-2024-37371CriJun 28, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

  • CVE-2024-5535CriJun 27, 2024
    affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected appl

  • CVE-2024-2097HigMar 27, 2024
    affected < 8.0.36-1.el9_3fixed 8.0.36-1.el9_3

    An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools.

Page 7 of 26