Vulnerability-Lookup

CVE-2021-2042 (GCVE-0-2021-2042)

Vulnerability from cvelistv5 – Published: 2021-01-20 14:50 – Updated: 2024-09-26 18:36

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Severity ?

2.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

Assigner

oracle

References

URL

	Vendor	Product	Version
	Oracle Corporation	MySQL Server	Affected: 8.0.21 and prior

CNVD-2021-04756

Vulnerability from cnvd - Published: 2021-01-20

Title

Oracle MySQL Server存在未明漏洞（CNVD-2021-04756）

Description

Oracle MySQL是一个开源的关系型数据库管理系统。MySQL Server (mysqld)是MySQL服务器，是执行MySQL安装中大部分工作的主程序。 Oracle MySQL Server 8.0.21及更早版本中的InnoDB组件存在未明漏洞。攻击者可利用该漏洞影响机密性。

Severity

低

Patch Name

Oracle MySQL Server存在未明漏洞（CNVD-2021-04756）的补丁

Patch Description

Oracle MySQL是一个开源的关系型数据库管理系统。MySQL Server (mysqld)是MySQL服务器，是执行MySQL安装中大部分工作的主程序。 Oracle MySQL Server 8.0.21及更早版本中的InnoDB组件存在未明漏洞。攻击者可利用该漏洞影响机密性。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.oracle.com/security-alerts/cpujan2021.html

Reference

https://www.oracle.com/security-alerts/cpujan2021.html

Impacted products

Name
Oracle MySQL Server <=8.0.21

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-2042",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-2042"
    }
  },
  "description": "Oracle MySQL\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002MySQL Server (mysqld)\u662fMySQL\u670d\u52a1\u5668\uff0c\u662f\u6267\u884cMySQL\u5b89\u88c5\u4e2d\u5927\u90e8\u5206\u5de5\u4f5c\u7684\u4e3b\u7a0b\u5e8f\u3002\n\nOracle MySQL Server 8.0.21\u53ca\u66f4\u65e9\u7248\u672c\u4e2d\u7684InnoDB\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u673a\u5bc6\u6027\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.oracle.com/security-alerts/cpujan2021.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-04756",
  "openTime": "2021-01-20",
  "patchDescription": "Oracle MySQL\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002MySQL Server (mysqld)\u662fMySQL\u670d\u52a1\u5668\uff0c\u662f\u6267\u884cMySQL\u5b89\u88c5\u4e2d\u5927\u90e8\u5206\u5de5\u4f5c\u7684\u4e3b\u7a0b\u5e8f\u3002\r\n\r\nOracle MySQL Server 8.0.21\u53ca\u66f4\u65e9\u7248\u672c\u4e2d\u7684InnoDB\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u673a\u5bc6\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle MySQL Server\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-04756\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Oracle MySQL Server \u003c=8.0.21"
  },
  "referenceLink": "https://www.oracle.com/security-alerts/cpujan2021.html",
  "serverity": "\u4f4e",
  "submitTime": "2021-01-20",
  "title": "Oracle MySQL Server\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-04756\uff09"
}

FKIE_CVE-2021-2042

Vulnerability from fkie_nvd - Published: 2021-01-20 15:15 - Updated: 2024-11-21 06:02

Severity ?

2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
secalert_us@oracle.com	https://security.gentoo.org/glsa/202105-27	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20210219-0003/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2021.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202105-27	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20210219-0003/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2021.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	mysql	*
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	snapcenter	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A885799-F19A-41B5-B015-B318ED959755",
              "versionEndIncluding": "8.0.21",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son 8.0.21 y anteriores.\u0026#xa0;Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante muy privilegiado con inicio de sesi\u00f3n en la infraestructura donde se ejecuta MySQL Server comprometer a MySQL Server.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de MySQL Server.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 2.3 (Impactos de la Confidencialidad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)"
    }
  ],
  "id": "CVE-2021-2042",
  "lastModified": "2024-11-21T06:02:14.943",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-01-20T15:15:48.143",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202105-27"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210219-0003/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202105-27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210219-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JPP8-6866-8F89

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-2042"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-20T15:15:00Z",
    "severity": "LOW"
  },
  "details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).",
  "id": "GHSA-jpp8-6866-8f89",
  "modified": "2022-05-24T17:39:47Z",
  "published": "2022-05-24T17:39:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-2042"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202105-27"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210219-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2021-2042

Vulnerability from osv_almalinux

Published

2021-09-21 07:13

Modified

2021-09-21 07:13

Summary

Moderate: mysql:8.0 security, bug fix, and enhancement update

Details

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

The following packages have been upgraded to a later upstream version: mysql (8.0.26). (BZ#1996693)

Security Fix(es):

mysql: Server: Stored Procedure multiple vulnerabilities (CVE-2020-14672, CVE-2021-2046, CVE-2021-2072, CVE-2021-2081, CVE-2021-2215, CVE-2021-2217, CVE-2021-2293, CVE-2021-2304, CVE-2021-2424)
mysql: Server: FTS multiple vulnerabilities (CVE-2020-14765, CVE-2020-14789, CVE-2020-14804)
mysql: Server: Optimizer multiple vulnerabilities (CVE-2020-14769, CVE-2020-14773, CVE-2020-14777, CVE-2020-14785, CVE-2020-14793, CVE-2020-14794, CVE-2020-14809, CVE-2020-14830, CVE-2020-14836, CVE-2020-14837, CVE-2020-14839, CVE-2020-14845, CVE-2020-14846, CVE-2020-14861, CVE-2020-14866, CVE-2020-14868, CVE-2020-14888, CVE-2020-14891, CVE-2020-14893, CVE-2021-2001, CVE-2021-2021, CVE-2021-2024, CVE-2021-2030, CVE-2021-2031, CVE-2021-2036, CVE-2021-2055, CVE-2021-2060, CVE-2021-2065, CVE-2021-2070, CVE-2021-2076, CVE-2021-2164, CVE-2021-2169, CVE-2021-2170, CVE-2021-2193, CVE-2021-2203, CVE-2021-2212, CVE-2021-2213, CVE-2021-2230, CVE-2021-2278, CVE-2021-2298, CVE-2021-2299, CVE-2021-2342, CVE-2021-2357, CVE-2021-2367, CVE-2021-2383, CVE-2021-2384, CVE-2021-2387, CVE-2021-2410, CVE-2021-2412, CVE-2021-2418, CVE-2021-2425, CVE-2021-2426, CVE-2021-2427, CVE-2021-2437, CVE-2021-2441, CVE-2021-2444)
mysql: InnoDB multiple vulnerabilities (CVE-2020-14775, CVE-2020-14776, CVE-2020-14821, CVE-2020-14829, CVE-2020-14848, CVE-2021-2022, CVE-2021-2028, CVE-2021-2048, CVE-2021-2174, CVE-2021-2180, CVE-2021-2194, CVE-2021-2372, CVE-2021-2374, CVE-2021-2389, CVE-2021-2390, CVE-2021-2429, CVE-2020-14791, CVE-2021-2042)
mysql: Server: PS multiple vulnerabilities (CVE-2020-14786, CVE-2020-14790, CVE-2020-14844, CVE-2021-2422)
mysql: Server: Security multiple vulnerabilities (CVE-2020-14800, CVE-2020-14838, CVE-2020-14860)
mysql: Server: Locking multiple vulnerabilities (CVE-2020-14812, CVE-2021-2058, CVE-2021-2402)
mysql: Server: DML multiple vulnerabilities (CVE-2020-14814, CVE-2020-14828, CVE-2021-2056, CVE-2021-2087, CVE-2021-2088, CVE-2021-2166, CVE-2021-2172, CVE-2021-2196, CVE-2021-2300, CVE-2021-2305, CVE-2021-2370, CVE-2021-2440)
mysql: Server: Charsets unspecified vulnerability (CVE-2020-14852)
mysql: Server: DDL multiple vulnerabilities (CVE-2020-14867, CVE-2021-2061, CVE-2021-2122, CVE-2021-2339, CVE-2021-2352, CVE-2021-2399)
mysql: Server: X Plugin unspecified vulnerability (CVE-2020-14870)
mysql: Server: Logging unspecified vulnerability (CVE-2020-14873)
mysql: Server: Replication multiple vulnerabilities (CVE-2021-2002, CVE-2021-2171, CVE-2021-2178, CVE-2021-2202, CVE-2021-2356, CVE-2021-2385)
mysql: C API multiple vulnerabilities (CVE-2021-2010, CVE-2021-2011)
mysql: Server: Components Services unspecified vulnerability (CVE-2021-2038)
mysql: Server: Options unspecified vulnerability (CVE-2021-2146)
mysql: Server: Group Replication Plugin multiple vulnerabilities (CVE-2021-2179, CVE-2021-2232)
mysql: Server: Partition multiple vulnerabilities (CVE-2021-2201, CVE-2021-2208)
mysql: Server: Information Schema multiple vulnerabilities (CVE-2021-2032, CVE-2021-2226, CVE-2021-2301, CVE-2021-2308)
mysql: Server: Packaging unspecified vulnerability (CVE-2021-2307)
mysql: Server: Federated unspecified vulnerability (CVE-2021-2354)
mysql: Server: GIS unspecified vulnerability (CVE-2021-2417)
mysql: Server: Memcached unspecified vulnerability (CVE-2021-2340)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Segfault and possible DoS with a crafted query (BZ#1996699)

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mecab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.996-1.module_el8.4.0+2532+b8928c02.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mecab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.996-1.module_el8.5.0+33+8bc5f36a.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mecab-ipadic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.0.20070801-16.module_el8.5.0+33+8bc5f36a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mecab-ipadic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.0.20070801-16.module_el8.4.0+2532+b8928c02"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mecab-ipadic-EUCJP"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.0.20070801-16.module_el8.5.0+33+8bc5f36a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mecab-ipadic-EUCJP"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.0.20070801-16.module_el8.4.0+2532+b8928c02"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.4.0+2532+b8928c02"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.5.0+33+8bc5f36a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.4.0+2532+b8928c02"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.5.0+33+8bc5f36a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.4.0+2532+b8928c02"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.5.0+33+8bc5f36a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql-errmsg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.4.0+2532+b8928c02"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql-errmsg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.5.0+33+8bc5f36a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.4.0+2532+b8928c02"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.5.0+33+8bc5f36a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.4.0+2532+b8928c02"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.5.0+33+8bc5f36a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql-test"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.4.0+2532+b8928c02"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mysql-test"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.26-1.module_el8.5.0+33+8bc5f36a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.26). (BZ#1996693)\n\nSecurity Fix(es):\n\n* mysql: Server: Stored Procedure multiple vulnerabilities (CVE-2020-14672, CVE-2021-2046, CVE-2021-2072, CVE-2021-2081, CVE-2021-2215, CVE-2021-2217, CVE-2021-2293, CVE-2021-2304, CVE-2021-2424)\n\n* mysql: Server: FTS multiple vulnerabilities (CVE-2020-14765, CVE-2020-14789, CVE-2020-14804)\n\n* mysql: Server: Optimizer multiple vulnerabilities (CVE-2020-14769, CVE-2020-14773, CVE-2020-14777, CVE-2020-14785, CVE-2020-14793, CVE-2020-14794, CVE-2020-14809, CVE-2020-14830, CVE-2020-14836, CVE-2020-14837, CVE-2020-14839, CVE-2020-14845, CVE-2020-14846, CVE-2020-14861, CVE-2020-14866, CVE-2020-14868, CVE-2020-14888, CVE-2020-14891, CVE-2020-14893, CVE-2021-2001, CVE-2021-2021, CVE-2021-2024, CVE-2021-2030, CVE-2021-2031, CVE-2021-2036, CVE-2021-2055, CVE-2021-2060, CVE-2021-2065, CVE-2021-2070, CVE-2021-2076, CVE-2021-2164, CVE-2021-2169, CVE-2021-2170, CVE-2021-2193, CVE-2021-2203, CVE-2021-2212, CVE-2021-2213, CVE-2021-2230, CVE-2021-2278, CVE-2021-2298, CVE-2021-2299, CVE-2021-2342, CVE-2021-2357, CVE-2021-2367, CVE-2021-2383, CVE-2021-2384, CVE-2021-2387, CVE-2021-2410, CVE-2021-2412, CVE-2021-2418, CVE-2021-2425, CVE-2021-2426, CVE-2021-2427, CVE-2021-2437, CVE-2021-2441, CVE-2021-2444)\n\n* mysql: InnoDB multiple vulnerabilities (CVE-2020-14775, CVE-2020-14776, CVE-2020-14821, CVE-2020-14829, CVE-2020-14848, CVE-2021-2022, CVE-2021-2028, CVE-2021-2048, CVE-2021-2174, CVE-2021-2180, CVE-2021-2194, CVE-2021-2372, CVE-2021-2374, CVE-2021-2389, CVE-2021-2390, CVE-2021-2429, CVE-2020-14791, CVE-2021-2042)\n\n* mysql: Server: PS multiple vulnerabilities (CVE-2020-14786, CVE-2020-14790, CVE-2020-14844, CVE-2021-2422)\n\n* mysql: Server: Security multiple vulnerabilities (CVE-2020-14800, CVE-2020-14838, CVE-2020-14860)\n\n* mysql: Server: Locking multiple vulnerabilities (CVE-2020-14812, CVE-2021-2058, CVE-2021-2402)\n\n* mysql: Server: DML multiple vulnerabilities (CVE-2020-14814, CVE-2020-14828, CVE-2021-2056, CVE-2021-2087, CVE-2021-2088, CVE-2021-2166, CVE-2021-2172, CVE-2021-2196, CVE-2021-2300, CVE-2021-2305, CVE-2021-2370, CVE-2021-2440)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2020-14852)\n\n* mysql: Server: DDL multiple vulnerabilities (CVE-2020-14867, CVE-2021-2061, CVE-2021-2122, CVE-2021-2339, CVE-2021-2352, CVE-2021-2399)\n\n* mysql: Server: X Plugin unspecified vulnerability (CVE-2020-14870)\n\n* mysql: Server: Logging unspecified vulnerability (CVE-2020-14873)\n\n* mysql: Server: Replication multiple vulnerabilities (CVE-2021-2002, CVE-2021-2171, CVE-2021-2178, CVE-2021-2202, CVE-2021-2356, CVE-2021-2385)\n\n* mysql: C API multiple vulnerabilities (CVE-2021-2010, CVE-2021-2011)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2021-2038)\n\n* mysql: Server: Options unspecified vulnerability (CVE-2021-2146)\n\n* mysql: Server: Group Replication Plugin multiple vulnerabilities (CVE-2021-2179, CVE-2021-2232)\n\n* mysql: Server: Partition multiple vulnerabilities (CVE-2021-2201, CVE-2021-2208)\n\n* mysql: Server: Information Schema multiple vulnerabilities (CVE-2021-2032, CVE-2021-2226, CVE-2021-2301, CVE-2021-2308)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2021-2307)\n\n* mysql: Server: Federated unspecified vulnerability (CVE-2021-2354)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-2417)\n\n* mysql: Server: Memcached unspecified vulnerability (CVE-2021-2340)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Segfault and possible DoS with a crafted query (BZ#1996699)",
  "id": "ALSA-2021:3590",
  "modified": "2021-09-21T07:13:20Z",
  "published": "2021-09-21T07:13:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2021-3590.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14672"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14765"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14769"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14773"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14775"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14776"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14777"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14785"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14786"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14789"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14790"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14791"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14793"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14794"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14800"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14804"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14809"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14812"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14814"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14821"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14828"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14829"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14830"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14836"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14837"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14838"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14839"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14844"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14845"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14846"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14848"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14852"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14860"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14861"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14866"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14867"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14868"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14870"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14873"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14888"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14891"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-14893"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2001"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2002"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2010"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2011"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2021"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2022"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2024"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2028"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2030"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2031"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2032"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2036"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2038"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2042"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2046"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2048"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2055"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2056"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2058"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2060"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2061"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2065"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2070"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2072"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2076"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2081"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2087"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2088"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2122"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2146"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2164"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2166"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2169"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2170"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2171"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2172"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2174"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2178"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2179"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2180"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2193"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2194"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2196"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2201"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2202"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2203"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2208"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2212"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2213"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2215"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2217"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2226"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2230"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2232"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2278"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2293"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2298"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2299"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2300"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2301"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2304"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2305"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2307"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2308"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2339"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2340"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2342"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2352"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2354"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2356"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2357"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2367"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2370"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2372"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2374"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2383"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2384"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2385"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2387"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2389"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2390"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2399"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2402"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2410"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2412"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2417"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2418"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2422"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2424"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2425"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2426"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2427"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2429"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2437"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2440"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2441"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-2444"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-35537"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-35629"
    }
  ],
  "related": [
    "CVE-2020-14672",
    "CVE-2021-2046",
    "CVE-2021-2072",
    "CVE-2021-2081",
    "CVE-2021-2215",
    "CVE-2021-2217",
    "CVE-2021-2293",
    "CVE-2021-2304",
    "CVE-2021-2424",
    "CVE-2020-14765",
    "CVE-2020-14789",
    "CVE-2020-14804",
    "CVE-2020-14769",
    "CVE-2020-14773",
    "CVE-2020-14777",
    "CVE-2020-14785",
    "CVE-2020-14793",
    "CVE-2020-14794",
    "CVE-2020-14809",
    "CVE-2020-14830",
    "CVE-2020-14836",
    "CVE-2020-14837",
    "CVE-2020-14839",
    "CVE-2020-14845",
    "CVE-2020-14846",
    "CVE-2020-14861",
    "CVE-2020-14866",
    "CVE-2020-14868",
    "CVE-2020-14888",
    "CVE-2020-14891",
    "CVE-2020-14893",
    "CVE-2021-2001",
    "CVE-2021-2021",
    "CVE-2021-2024",
    "CVE-2021-2030",
    "CVE-2021-2031",
    "CVE-2021-2036",
    "CVE-2021-2055",
    "CVE-2021-2060",
    "CVE-2021-2065",
    "CVE-2021-2070",
    "CVE-2021-2076",
    "CVE-2021-2164",
    "CVE-2021-2169",
    "CVE-2021-2170",
    "CVE-2021-2193",
    "CVE-2021-2203",
    "CVE-2021-2212",
    "CVE-2021-2213",
    "CVE-2021-2230",
    "CVE-2021-2278",
    "CVE-2021-2298",
    "CVE-2021-2299",
    "CVE-2021-2342",
    "CVE-2021-2357",
    "CVE-2021-2367",
    "CVE-2021-2383",
    "CVE-2021-2384",
    "CVE-2021-2387",
    "CVE-2021-2410",
    "CVE-2021-2412",
    "CVE-2021-2418",
    "CVE-2021-2425",
    "CVE-2021-2426",
    "CVE-2021-2427",
    "CVE-2021-2437",
    "CVE-2021-2441",
    "CVE-2021-2444",
    "CVE-2020-14775",
    "CVE-2020-14776",
    "CVE-2020-14821",
    "CVE-2020-14829",
    "CVE-2020-14848",
    "CVE-2021-2022",
    "CVE-2021-2028",
    "CVE-2021-2048",
    "CVE-2021-2174",
    "CVE-2021-2180",
    "CVE-2021-2194",
    "CVE-2021-2372",
    "CVE-2021-2374",
    "CVE-2021-2389",
    "CVE-2021-2390",
    "CVE-2021-2429",
    "CVE-2020-14791",
    "CVE-2021-2042",
    "CVE-2020-14786",
    "CVE-2020-14790",
    "CVE-2020-14844",
    "CVE-2021-2422",
    "CVE-2020-14800",
    "CVE-2020-14838",
    "CVE-2020-14860",
    "CVE-2020-14812",
    "CVE-2021-2058",
    "CVE-2021-2402",
    "CVE-2020-14814",
    "CVE-2020-14828",
    "CVE-2021-2056",
    "CVE-2021-2087",
    "CVE-2021-2088",
    "CVE-2021-2166",
    "CVE-2021-2172",
    "CVE-2021-2196",
    "CVE-2021-2300",
    "CVE-2021-2305",
    "CVE-2021-2370",
    "CVE-2021-2440",
    "CVE-2020-14852",
    "CVE-2020-14867",
    "CVE-2021-2061",
    "CVE-2021-2122",
    "CVE-2021-2339",
    "CVE-2021-2352",
    "CVE-2021-2399",
    "CVE-2020-14870",
    "CVE-2020-14873",
    "CVE-2021-2002",
    "CVE-2021-2171",
    "CVE-2021-2178",
    "CVE-2021-2202",
    "CVE-2021-2356",
    "CVE-2021-2385",
    "CVE-2021-2010",
    "CVE-2021-2011",
    "CVE-2021-2038",
    "CVE-2021-2146",
    "CVE-2021-2179",
    "CVE-2021-2232",
    "CVE-2021-2201",
    "CVE-2021-2208",
    "CVE-2021-2032",
    "CVE-2021-2226",
    "CVE-2021-2301",
    "CVE-2021-2308",
    "CVE-2021-2307",
    "CVE-2021-2354",
    "CVE-2021-2417",
    "CVE-2021-2340"
  ],
  "summary": "Moderate: mysql:8.0 security, bug fix, and enhancement update"
}

CERTFR-2021-AVI-044

Vulnerability from certfr_avis - Published: 2021-01-20 - Updated: 2021-01-20

De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	MySQL Workbench versions 8.0.22 et antérieures
Oracle	MySQL	MySQL Server versions 8.0.22 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 8.0.22 et antérieures
Oracle	MySQL	MySQL Client versions 8.0.22 et antérieures

References

Title

Publication Time

GSD-2021-2042

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-2042

Aliases

CVE-2021-2042

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-2042",
    "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).",
    "id": "GSD-2021-2042",
    "references": [
      "https://access.redhat.com/errata/RHSA-2021:3811",
      "https://access.redhat.com/errata/RHSA-2021:3590",
      "https://linux.oracle.com/cve/CVE-2021-2042.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-2042"
      ],
      "details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).",
      "id": "GSD-2021-2042",
      "modified": "2023-12-13T01:23:14.943591Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2021-2042",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MySQL Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "8.0.21 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Oracle Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "2.3",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of MySQL Server accessible data."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20210219-0003/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20210219-0003/"
          },
          {
            "name": "GLSA-202105-27",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202105-27"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.21",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2021-2042"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210219-0003/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210219-0003/"
            },
            {
              "name": "GLSA-202105-27",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202105-27"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-01-04T17:28Z",
      "publishedDate": "2021-01-20T15:15Z"
    }
  }
}

CVE-2021-2042

Vulnerability from fstec - Published: 20.01.2021

Title

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на чтение данных или получить привилегированный доступ к инфраструктуре

Description

Уязвимость компонента InnoDB системы управления базами данных MySQL Server существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю получить доступ на чтение данных или получить привилегированный доступ к инфраструктуре

Severity ?


                    
                      AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Vendor

Oracle Corp.

Software Name

MySQL Server

Software Version

до 8.0.21 включительно (MySQL Server)

Possible Mitigations

Использование рекомендаций производителя: https://www.oracle.com/security-alerts/cpujan2021.html

Reference

https://www.oracle.com/security-alerts/cpujan2021.html https://nvd.nist.gov/vuln/detail/CVE-2021-2042

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 8.0.21 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.oracle.com/security-alerts/cpujan2021.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "02.02.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.02.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00517",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-2042",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "MySQL Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 InnoDB \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MySQL Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 InnoDB \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MySQL Server \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.oracle.com/security-alerts/cpujan2021.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-2042",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0423\u0411\u0414",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 2,1)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 2,3)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-2042 (GCVE-0-2021-2042)

CNVD-2021-04756

FKIE_CVE-2021-2042

GHSA-JPP8-6866-8F89

cve-2021-2042

Vulnerability from osv_almalinux

CERTFR-2021-AVI-044

Solution

GSD-2021-2042

CVE-2021-2042

Tags

Sightings

Nomenclature