rpm package
almalinux/mysql-common
pkg:rpm/almalinux/mysql-common
Vulnerabilities (505)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-21237 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network | ||
| CVE-2024-21236 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto | ||
| CVE-2024-21231 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via mult | ||
| CVE-2024-21230 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult | ||
| CVE-2024-21219 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple | ||
| CVE-2024-21218 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto | ||
| CVE-2024-21213 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where | ||
| CVE-2024-21212 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor). Supported versions that are affected are 8.0.39 and prior and 8.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to c | ||
| CVE-2024-21203 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple | ||
| CVE-2024-21201 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mul | ||
| CVE-2024-21199 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto | ||
| CVE-2024-21198 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple | ||
| CVE-2024-21197 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network acces | ||
| CVE-2024-21196 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multi | ||
| CVE-2024-21194 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto | ||
| CVE-2024-21193 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Oct 15, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple p | ||
| CVE-2024-7264 | — | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jul 31, 2024 | libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer t | ||
| CVE-2024-37371 | Cri | 9.1 | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jun 28, 2024 | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. | |
| CVE-2024-5535 | Cri | 9.1 | < 8.0.41-2.el9_5 | 8.0.41-2.el9_5 | Jun 27, 2024 | Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected appl | |
| CVE-2024-2097 | Hig | 7.5 | < 8.0.36-1.el9_3 | 8.0.36-1.el9_3 | Mar 27, 2024 | An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools. |
- CVE-2024-21237Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network
- CVE-2024-21236Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
- CVE-2024-21231Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via mult
- CVE-2024-21230Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult
- CVE-2024-21219Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple
- CVE-2024-21218Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
- CVE-2024-21213Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where
- CVE-2024-21212Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor). Supported versions that are affected are 8.0.39 and prior and 8.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to c
- CVE-2024-21203Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple
- CVE-2024-21201Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mul
- CVE-2024-21199Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
- CVE-2024-21198Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple
- CVE-2024-21197Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network acces
- CVE-2024-21196Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multi
- CVE-2024-21194Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
- CVE-2024-21193Oct 15, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple p
- CVE-2024-7264Jul 31, 2024affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer t
- affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
- affected < 8.0.41-2.el9_5fixed 8.0.41-2.el9_5
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected appl
- affected < 8.0.36-1.el9_3fixed 8.0.36-1.el9_3
An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools.
Page 7 of 26