Changes


FLOP:CVE Monitoring

240,065 bytes added, 6 months ago
no edit summary
Once a match is made, the <tt>cve-search</tt> collection and the portage package database (via {{package|app-portage/eix}}) can be combined to produce the data appropriate for a report.
The correct pattern for this This is probably a meant to be human in the loop automation: we can just be spamming <tt>truth tablejira</tt>, with the above exact matching algorithm one example of generalized predicates at are applied to each cve document in the cvedb. A table pairing packages and predicates can they be interpreted via custom logical operations to yields sets <tt>dev</tt>s must take ownership of the packages to consider for further discussion or immediate issue creationissues.
{{FLOPFooter}}
The <tt>cver</tt> tool is currently stateless: it takes some bytes and it makes some bytes. We should probably keep it that way. A disk cache of the LRU memo-ized python function <tt>eix_xml</tt> might be nice. It would have to be wiped when eix was updated, of course.
== Example Output Fri 31 Jul Mon 10 Aug 2020 0210:4939:59 01 PM EDT == 
Summary:
-------
CVE-2020-1595315115: netdev-libsdb/libetpanetcd-13.3.12 Scores:------Impact: 2.986Ability to Exploit: 10.300
Description:
-----------
[0708/2706/2020]LibEtPan through 1etcd before versions 3.93.23 and 3.4, as used in MailCore 2 through 0.6.3 and other products,10 does not perform any password lengthhas a STARTTLS buffering issue that affects IMAPvalidation, SMTPwhich allows for very short passwords, and POP3. When such as those with a serverlengthsends a "begin TLS" response, the client reads additional data (eof one.g., from ameddler-in-theThis may allow an attacker to guess or brute-middle attacker) and evaluates it in a TLS context, aka "responseforce users' passwords withinjectionlittle computational effort."
CatPkg:
------
netdev-libsdb/libetpanetcd
KitBranch:
---------
netdev-kit/1.4-release
labels:
AffectsVersions:
---------------
13.93.312
Facts:
-----
https://github.com/dinhvh/libetpan/issues/386https:etcd-io/etcd/security.gentoo.org/glsaadvisories/202007GHSA-4993-m7g5-55r9hh
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-1246015113: maildev-filterdb/opendmarcetcd-13.13.12 Scores:------Impact: 4.94Ability to Exploit: 3.95
Description:
-----------
[0708/2705/2020]OpenDMARC through 1In etcd before versions 3.3.2 23 and 13.4.x through 1.4.010, certain directory paths are created(etcd data directory and the directory path when provided to automaticallygenerate self-Beta1 has improper nullsigned certificates for TLS connections with clients) withtermination in restricted access permissions (700) by using the os.MkdirAll. This function opendmarc_xml_parse that can result in a one-bytedoesheap overflow in opendmarc_xml not perform any permission checks when parsing a specially crafted DMARC aggregategiven directory path exists already.report. This can cause remote memory corruption when a '\0' byte overwrites A possible workaround is to ensure the directories have thedesired permissionheap metadata of the next chunk and its PREV_INUSE flag(700).
CatPkg:
------
maildev-filterdb/opendmarcetcd
KitBranch:
---------
netdev-kit/1.4-release
labels:
AffectsVersions:
---------------
13.13.312
Facts:
-----
https://github.com/trusteddomainprojectetcd-io/OpenDMARCetcd/issuessecurity/64https://sourceforge.net/projects/opendmarcadvisories/GHSA-chh6-ppwq-jh92
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-1589015114: dev-langdb/luajitetcd-23.03.12 Scores:------Impact: 2.86Ability to Exploit: _
Description:
-----------
[0708/2106/2020]LuaJit through 2In etcd before versions 3.13.0-beta3 has 23 and 3.4.10, the etcd gateway is a simple TCPproxy to allow for basic service discovery and access. However, it is possibleto include the gateway address as an out-endpoint. This results in a denial ofservice, since the endpoint can become stuck in a loop of-bounds read because __gc handler framerequesting itselftraversal is mishandleduntil there are no more available file descriptors to accept connections on thegateway.
CatPkg:
------
dev-langdb/luajitetcd
KitBranch:
---------
langdev-kit/1.4-release
labels:
AffectsVersions:
---------------
23.03.212
Facts:
-----
https://github.com/LuaJITetcd-io/LuaJITetcd/issuessecurity/601https:advisories//lists.debian.org/debianGHSA-2xhq-ltsgv6c-announce/2020/07/msg00026.htmlp224
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-1589015115: dev-langdb/luajitetcd-3.3.13 Scores:------Impact: 2.086Ability to Exploit: 10.300
Description:
-----------
[0708/2106/2020]LuaJit through 2etcd before versions 3.13.0-beta3 has 23 and 3.4.10 does not perform any password lengthvalidation, which allows for very short passwords, such as those with a lengthof one. This may allow an out-ofattacker to guess or brute-bounds read because __gc handler frameforce users' passwords withtraversal is mishandledlittle computational effort.
CatPkg:
------
dev-langdb/luajitetcd
KitBranch:
---------
langdev-kit/1.4-release
labels:
AffectsVersions:
---------------
23.03.313
Facts:
-----
https://github.com/LuaJITetcd-io/LuaJITetcd/issuessecurity/601https:advisories//lists.debian.org/debianGHSA-4993-ltsm7g5-announce/2020/07/msg00026.htmlr9hh
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-1589015113: dev-langdb/luajitetcd-23.03.13 Scores:------Impact: 4.94Ability to Exploit: 3.95
Description:
-----------
[0708/2105/2020]LuaJit through 2In etcd before versions 3.13.023 and 3.4.10, certain directory paths are created(etcd data directory and the directory path when provided to automaticallygenerate self-beta3 has an out-of-bounds read because __gc handler framesigned certificates for TLS connections with clients) withrestricted access permissions (700) by using the os.MkdirAll. This function doesnot perform any permission checks when a given directory path exists already.traversal A possible workaround is mishandledto ensure the directories have the desired permission(700).
CatPkg:
------
dev-langdb/luajitetcd
KitBranch:
---------
langdev-kit/1.4-release
labels:
AffectsVersions:
---------------
23.03.413
Facts:
-----
https://github.com/LuaJITetcd-io/LuaJITetcd/issuessecurity/601https:advisories//lists.debian.org/debianGHSA-chh6-ltsppwq-announce/2020/07/msg00026.htmljh92
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-1589015114: dev-langdb/luajitetcd-3.3.13 Scores:------Impact: 2.0.586Ability to Exploit: _
Description:
-----------
[0708/2106/2020]LuaJit through 2In etcd before versions 3.13.0-beta3 has 23 and 3.4.10, the etcd gateway is a simple TCPproxy to allow for basic service discovery and access. However, it is possibleto include the gateway address as an out-endpoint. This results in a denial ofservice, since the endpoint can become stuck in a loop of-bounds read because __gc handler framerequesting itselftraversal is mishandleduntil there are no more available file descriptors to accept connections on thegateway.
CatPkg:
------
dev-langdb/luajitetcd
KitBranch:
---------
langdev-kit/1.4-release
labels:
AffectsVersions:
---------------
23.03.513
Facts:
-----
https://github.com/LuaJITetcd-io/LuaJITetcd/issuessecurity/601https:advisories//lists.debian.org/debianGHSA-2xhq-ltsgv6c-announce/2020/07/msg00026.htmlp224
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-177616117: wwwgnome-appsextra/otrsevolution-5data-server-3.36.02 Scores:------Impact: 2.86Ability to Exploit: 10.2500
Description:
-----------
[07/2029/2020]When an agent user is renamed or set to invalid the session belonging to theuser is keept activeIn GNOME evolution-data-server before 3.35. The session 91, a malicious server can not be used to access ticket data in thecase crash the agent is mail client with a NULL pointer dereference by sending an invalid. This issue affects ((OTRS)) Community Edition: 6.0.28and prior versions. OTRS: 7e.0g.18 and prior versions, 8.0.4minimal) CAPABILITY line on a connection attempt. This is related toimapx_free_capability and prior versionsimapx_connect_to_server.
CatPkg:
------
wwwgnome-appsextra/otrsevolution-data-server
KitBranch:
---------
netgnome-kit/13.436-releaseprime
labels:
AffectsVersions:
---------------
53.036.252
Facts:
-----
https://otrsgitlab.comgnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7https://gitlab.gnome.org/releaseGNOME/evolution-notesdata-server/otrs-security/issues/189https://lists.debian.org/debian-advisorylts-announce/2020-13/08/msg00005.html
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-177614928: wwwgnome-appsextra/otrsevolution-6data-server-3.036.32 Scores:------Impact: 2.86Ability to Exploit: 8.59
Description:
-----------
[07/2017/2020]When an agent user is renamed or set to invalid the session belonging to theuser is keept active. The session can not be used to access ticket evolution-data in thecase the agent is invalid. This issue affects (-server (OTRS)eds) Community Edition: 6through 3.036.283 has a STARTTLS buffering issue thataffects SMTP and prior versionsPOP3. OTRS: 7.0.18 When a server sends a "begin TLS" response, eds readsadditional data and prior versionsevaluates it in a TLS context, 8.0.4. and prior versionsaka "response injection."
CatPkg:
------
wwwgnome-appsextra/otrsevolution-data-server
KitBranch:
---------
netgnome-kit/13.436-releaseprime
labels:
AffectsVersions:
---------------
63.036.32
Facts:
-----
https://otrsbugzilla.suse.com/releaseshow_bug.cgi?id=1173910https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4dfhttps://gitlab.gnome.org/GNOME/evolution-notesdata-server/otrs-/commit/f404f33fb01b23903c2bbb16791c7907e457fbachttps://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226https://lists.debian.org/debian-lts-announce/2020/07/msg00012.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/https://security-tracker.debian.org/tracker/DLA-2281-1https://security-advisorytracker.debian.org/tracker/DSA-4725-1https://usn.ubuntu.com/4429-1/https://www.debian.org/security/2020/dsa-13/4725
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-177613699: wwwnet-appsmisc/otrsteamviewer-14.1.3399 Scores:------Impact: 6.044Ability to Exploit: 8.459
Description:
-----------
[07/2029/2020]When an agent user is renamed or set to invalid the session belonging to theTeamViewer Desktop for Windows before 15.8.3 does not properly quote itscustom URI handlers. A malicious website could launch TeamViewer with arbitraryuser is keept activeparameters, as demonstrated by a teamviewer10: --play URL. The session can not be used An attacker couldforce a victim to access ticket data in send an NTLM authentication request and either relay thecase request or capture the agent is invalidhash for offline password cracking. This affectsteamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,and tvvpn1. The issue affects ((OTRS)) Community Edition: 6is fixed in 8.0.258861, 9.0.258860, 10.0.28258873,and prior versions11.0. OTRS: 7258870, 12.0.18 and prior versions258869, 13.2.36220, 814.2.056676, 14.47. 48350, and prior versions15.8.3.
CatPkg:
------
wwwnet-appsmisc/otrsteamviewer
KitBranch:
AffectsVersions:
---------------
614.01.43399
Facts:
-----
https://otrscommunity.teamviewer.com/release-notest5/Announcements/otrsStatement-securityon-advisoryCVE-2020-1313699/td-p/98448https://jeffs.sh/CVEs/CVE-2020-13699.txt
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-177613699: wwwnet-appsmisc/otrsteamviewer-14.1.9025 Scores:------Impact: 6.044Ability to Exploit: 8.559
Description:
-----------
[07/2029/2020]When an agent user is renamed or set to invalid the session belonging to theTeamViewer Desktop for Windows before 15.8.3 does not properly quote itscustom URI handlers. A malicious website could launch TeamViewer with arbitraryuser is keept activeparameters, as demonstrated by a teamviewer10: --play URL. The session can not be used An attacker couldforce a victim to access ticket data in send an NTLM authentication request and either relay thecase request or capture the agent is invalidhash for offline password cracking. This affectsteamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,and tvvpn1. The issue affects ((OTRS)) Community Edition: 6is fixed in 8.0.258861, 9.0.258860, 10.0.28258873,and prior versions11.0. OTRS: 7258870, 12.0.18 and prior versions258869, 13.2.36220, 814.2.056676, 14.47. 48350, and prior versions15.8.3.
CatPkg:
------
wwwnet-appsmisc/otrsteamviewer
KitBranch:
AffectsVersions:
---------------
614.01.59025
Facts:
-----
https://otrscommunity.teamviewer.com/release-notest5/Announcements/otrsStatement-securityon-advisoryCVE-2020-1313699/td-p/98448https://jeffs.sh/CVEs/CVE-2020-13699.txt
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-177613699: wwwnet-appsmisc/otrsteamviewer-14.1.18533 Scores:------Impact: 6.044Ability to Exploit: 8.759
Description:
-----------
[07/2029/2020]When an agent user is renamed or set to invalid the session belonging to theTeamViewer Desktop for Windows before 15.8.3 does not properly quote itscustom URI handlers. A malicious website could launch TeamViewer with arbitraryuser is keept activeparameters, as demonstrated by a teamviewer10: --play URL. The session can not be used An attacker couldforce a victim to access ticket data in send an NTLM authentication request and either relay thecase request or capture the agent is invalidhash for offline password cracking. This affectsteamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,and tvvpn1. The issue affects ((OTRS)) Community Edition: 6is fixed in 8.0.258861, 9.0.258860, 10.0.28258873,and prior versions11.0. OTRS: 7258870, 12.0.18 and prior versions258869, 13.2.36220, 814.2.056676, 14.47. 48350, and prior versions15.8.3.
CatPkg:
------
wwwnet-appsmisc/otrsteamviewer
KitBranch:
AffectsVersions:
---------------
614.01.718533
Facts:
-----
https://otrscommunity.teamviewer.com/release-notest5/Announcements/otrsStatement-securityon-advisoryCVE-2020-1313699/td-p/98448https://jeffs.sh/CVEs/CVE-2020-13699.txt
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-1492813699: gnomenet-extramisc/evolutionteamviewer-data14.2.2558 Scores:-server-3----Impact: 6.3644Ability to Exploit: 8.259
Description:
-----------
[07/1729/2020]evolution-data-server (eds) through 3TeamViewer Desktop for Windows before 15.368.3 has does not properly quote itscustom URI handlers. A malicious website could launch TeamViewer with arbitraryparameters, as demonstrated by a STARTTLS buffering issue thatteamviewer10: --play URL. An attacker couldaffects SMTP force a victim to send an NTLM authentication request and POP3either relay therequest or capture the hash for offline password cracking. When a server sends a "begin TLS" responseThis affectsteamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, eds readsadditional data and evaluates it tvvpn1. The issue is fixed in a TLS context8.0.258861, 9.0.258860, 10.0.258873,11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, aka "response injectionand 15.8.3."
CatPkg:
------
gnomenet-extramisc/evolution-data-serverteamviewer
KitBranch:
---------
gnomenet-kit/31.364-primerelease
labels:
AffectsVersions:
---------------
314.362.22558
Facts:
-----
https://bugzillacommunity.suseteamviewer.com/show_bug.cgi?id=1173910https:t5/Announcements/gitlab.gnome.org/GNOME//evolutionStatement-dataon-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4dfhttps://gitlab.gnome.org/GNOME/evolutionCVE-data2020-server13699/td-p/commit/f404f33fb01b23903c2bbb16791c7907e457fbac98448https://gitlab.gnomejeffs.org/GNOME/evolution-data-server/-/issues/226https:sh/CVEs/lists.debian.org/debianCVE-lts-announce/2020/07/msg00012.htmlhttps://security-tracker.debian.org/tracker/DLA-2281-1https://security-tracker13699.debian.org/tracker/DSA-4725-1https://usn.ubuntu.com/4429-1/https://www.debian.org/security/2020/dsa-4725txt
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-1585213699: appnet-emulationmisc/xenteamviewer-414.102.38352 Scores:------r1Impact: 6.44Ability to Exploit: 8.59
Description:
-----------
[07/2029/2020]An issue was discovered in the Linux kernel 5TeamViewer Desktop for Windows before 15.5 through 58.73 does not properly quote itscustom URI handlers.9A malicious website could launch TeamViewer with arbitraryparameters, as used inXen through 4.13.x for x86 PV guestsdemonstrated by a teamviewer10: --play URL. An attacker may be granted couldforce a victim to send an NTLM authentication request and either relay the I/O portpermissions of an unrelated taskrequest or capture the hash for offline password cracking. This occurs because tss_invalidate_io_bitmapaffectsteamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,mishandling causes a loss of synchronization between the I/O bitmaps of TSS andtvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,Xen11.0.258870, 12.0.258869, 13.2.36220, aka CID-cadfad87015414.2.56676, 14.7.48350, and 15.8.3.
CatPkg:
------
appnet-emulationmisc/xenteamviewer
KitBranch:
---------
nokitnet-kit/1.4-release
labels:
AffectsVersions:
---------------
414.102.3-r18352
Facts:
-----
httphttps://wwwcommunity.openwallteamviewer.com/listst5/ossAnnouncements/Statement-on-CVE-security/2020-13699/07td-p/21/298448httphttps://xenbits.xenjeffs.orgsh/xsaCVEs/advisoryCVE-2020-329.htmlhttps://git13699.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2txt
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-1585212460: appmail-emulationfilter/xenopendmarc-41.111.13 Scores:------r3Impact: 6.44Ability to Exploit: 10.00
Description:
-----------
[07/2027/2020]An issue was discovered in the Linux kernel 5OpenDMARC through 1.5 through 53.72 and 1.9, as used inXen through 4.13x through 1.x for x86 PV guests4. An attacker may be granted 0-Beta1 has improper nulltermination in the I/O portfunction opendmarc_xml_parse that can result in a one-byteheap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregatepermissions of an unrelated taskreport. This occurs because tss_invalidate_io_bitmapcan cause remote memory corruption when a '\0' byte overwrites themishandling causes a loss heap metadata of synchronization between the I/O bitmaps of TSS next chunk andXen, aka CID-cadfad870154its PREV_INUSE flag.
CatPkg:
------
appmail-emulationfilter/xenopendmarc
KitBranch:
---------
nokitnet-kit/1.4-release
labels:
AffectsVersions:
---------------
41.111.1-r33
Facts:
-----
httphttps://www.openwallgithub.com/liststrusteddomainproject/oss-securityOpenDMARC/2020issues/07/21/2http://xenbits.xen.org/xsa/advisory-329.html64https://git.kernelsourceforge.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2https://github.com/torvaldsnet/linuxprojects/commitopendmarc/cadfad870154e14f745ec845708bc17d166065f2
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-1585215953: appnet-emulationlibs/xenlibetpan-1.9.3 Scores:------Impact: 4.1294Ability to Exploit: 8.0-r159
Description:
-----------
[07/2027/2020]An issue was discovered in the Linux kernel 5.5 LibEtPan through 51.79.94, as used inXen MailCore 2 through 40.136.x for x86 PV guests3 and other products,has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. An attacker may be granted When a serversends a "begin TLS" response, the I/O portpermissions of an unrelated taskclient reads additional data (e.g. This occurs because tss_invalidate_io_bitmap, from amishandling causes a loss of synchronization between meddler-in-the I/O bitmaps of TSS -middle attacker) andXenevaluates it in a TLS context, aka CID-cadfad870154"responseinjection."
CatPkg:
------
appnet-emulationlibs/xenlibetpan
KitBranch:
---------
nokitnet-kit/1.4-release
labels:
AffectsVersions:
---------------
41.129.0-r13
Facts:
-----
httphttps://www.openwallgithub.com/lists/oss-security/2020dinhvh/07libetpan/21issues/2386httphttps://xenbitssecurity.xengentoo.org/xsaglsa/advisory202007-329.htmlhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f255
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-151211776: devwww-utilapps/radare2otrs-35.40.125 Scores:------Impact: 2.86Ability to Exploit: _
Description:
-----------
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in When an agent user is renamed or set to invalid the session belonging to the PDB serverpath cause shell injectionuser is keept active. To trigger the problem it's required The session can not be used to open access ticket data in theexecutable in radare2 and run idpd to trigger case the downloadagent is invalid. This issue affects ((OTRS)) Community Edition: 6.0. The shell code will28executeand prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and will create a file called pwned in the current directoryprior versions.
CatPkg:
------
devwww-utilapps/radare2otrs
KitBranch:
---------
devnet-kit/1.4-release
labels:
AffectsVersions:
---------------
35.40.125
Facts:
-----
https://githubotrs.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9https://github.com/radareorg/radare2/issues/16945https://github.com/radareorg/radare2/pull/16966https://github.com/radareorg/radare2release-notes/otrs-security/advisories/GHSA-r552advisory-vp942020-935813/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-151211776: devwww-utilapps/radare2otrs-6.0.Scores:------Impact: 2.5.086Ability to Exploit: _
Description:
-----------
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in When an agent user is renamed or set to invalid the session belonging to the PDB serverpath cause shell injectionuser is keept active. To trigger the problem it's required The session can not be used to open access ticket data in theexecutable in radare2 and run idpd to trigger case the downloadagent is invalid. This issue affects ((OTRS)) Community Edition: 6.0. The shell code will28executeand prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and will create a file called pwned in the current directoryprior versions.
CatPkg:
------
devwww-utilapps/radare2otrs
KitBranch:
---------
devnet-kit/1.4-release
labels:
AffectsVersions:
---------------
36.50.03
Facts:
-----
https://githubotrs.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9https://github.com/radareorg/radare2/issues/16945https://github.com/radareorg/radare2/pull/16966https://github.com/radareorg/radare2release-notes/otrs-security/advisories/GHSA-r552advisory-vp942020-935813/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-151211776: devwww-utilapps/radare2otrs-36.50.14 Scores:------Impact: 2.86Ability to Exploit: _
Description:
-----------
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in When an agent user is renamed or set to invalid the session belonging to the PDB serverpath cause shell injectionuser is keept active. To trigger the problem it's required The session can not be used to open access ticket data in theexecutable in radare2 and run idpd to trigger case the downloadagent is invalid. This issue affects ((OTRS)) Community Edition: 6.0. The shell code will28executeand prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and will create a file called pwned in the current directoryprior versions.
CatPkg:
------
devwww-utilapps/radare2otrs
KitBranch:
---------
devnet-kit/1.4-release
labels:
AffectsVersions:
---------------
36.50.14
Facts:
-----
https://githubotrs.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9https://github.com/radareorg/radare2/issues/16945https://github.com/radareorg/radare2/pull/16966https://github.com/radareorg/radare2release-notes/otrs-security/advisories/GHSA-r552advisory-vp942020-935813/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-140011776: devwww-rubyapps/kramdownotrs-16.170.5 Scores:------Impact: 2.086Ability to Exploit: _
Description:
-----------
[07/1720/2020]When an agent user is renamed or set to invalid the session belonging to theuser is keept active. The kramdown gem before 2.3.0 for Ruby processes session can not be used to access ticket data in the template option insideKramdown documents by default, which allows unintended read access case the agent is invalid. This issue affects ((such astemplate="/etc/passwd"OTRS)) or unintended embedded Ruby code execution (such as aCommunity Edition: 6.0.28string that begins with template="stringand prior versions. OTRS://<%= `)7.0. NOTE: kramdown is used inJekyll, GitLab Pages, GitHub Pages18 and prior versions, 8.0.4. and Thredded Forumprior versions.
CatPkg:
------
devwww-rubyapps/kramdownotrs
KitBranch:
---------
rubynet-kit/21.64-primerelease
labels:
AffectsVersions:
---------------
16.170.05
Facts:
-----
https://githubotrs.com/gettalongrelease-notes/kramdownhttps:otrs-security-advisory-2020-13//github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fdehttps://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0https://kramdown.gettalong.orghttps://kramdown.gettalong.org/news.htmlhttps://rubygems.org/gems/kramdown
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-155861776: devwww-langapps/gootrs-16.120.177 Scores:------Impact: 2.86Ability to Exploit: _
Description:
-----------
[07/1720/2020]Go before 1When an agent user is renamed or set to invalid the session belonging to theuser is keept active. The session can not be used to access ticket data in thecase the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.130.13 28and 1prior versions.14OTRS: 7.x before 10.1418 and prior versions, 8.5 has a data race in some net/httpservers, as demonstrated by the httputil0.4.ReverseProxy Handler, because it readsa request body and writes a response at the same timeprior versions.
CatPkg:
------
devwww-langapps/gootrs
KitBranch:
---------
langnet-kit/1.4-release
labels:
AffectsVersions:
---------------
16.120.177
Facts:
-----
httphttps://listsotrs.opensuse.orgcom/release-notes/opensuseotrs-security-announce/advisory-2020-0713/msg00077.htmlhttp://lists.opensuse.org/opensuse------------------------------------------------------------------------------security-announce/2020-07/msg00082.htmlhttps://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_ghttps://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2whttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/https://www.cloudfoundry.org/blog/cve-2020-15586/--------------------------------------------------------------------------
Summary:
-------
CVE-2020-1403915852: devapp-langemulation/goxen-14.1210.173-r1 Scores:------Impact: 6.44Ability to Exploit: 3.95
Description:
-----------
[07/1720/2020]In Go before 1An issue was discovered in the Linux kernel 5.135 through 5.7.9, as used inXen through 4.13 and 1.14.x before 1.14.5, Certificatefor x86 PV guests.Verify An attacker may lack abe granted the I/O portcheck on the VerifyOptionspermissions of an unrelated task.KeyUsages EKU requirements (if VerifyOptions.RootsThis occurs because tss_invalidate_io_bitmapequals nil mishandling causes a loss of synchronization between the I/O bitmaps of TSS and the installation is on Windows). ThusXen, X.509 certificateverification is incompleteaka CID-cadfad870154.
CatPkg:
------
devapp-langemulation/goxen
KitBranch:
---------
lang-kitnokit/1.4-release
labels:
AffectsVersions:
---------------
14.1210.173-r1
Facts:
-----
http://listswww.opensuseopenwall.orgcom/lists/opensuseoss-security-announce/2020-/07/msg00077.html21/2http://listsxenbits.opensusexen.org/opensuse-security-announcexsa/2020advisory-07/msg00082329.htmlhttps://groupsgit.googlekernel.comorg/cgit/linux/kernel/git/torvalds/forumlinux.git/#!forumcommit/golang-announce?id=cadfad870154e14f745ec845708bc17d166065f2https://groups.googlegithub.com/forumtorvalds/#!topiclinux/golang-announcecommit/XZNfaiwgt2wcadfad870154e14f745ec845708bc17d166065f2
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15852: app-emulation/xen-4.11.1-r3
Scores:
------
Impact: 6.44
Ability to Exploit: 3.95
Description:
-----------
[07/20/2020]
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
Xen through 4.13 for x86 PV guests. An attacker may be granted the I/O port
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
Xen, aka CID-cadfad870154.
CatPkg:
------
app-emulation/xen
KitBranch:
---------
nokit/1.4-release
labels:
AffectsVersions:
---------------
4.11.1-r3
Facts:
-----
http://www.openwall.com/lists/oss-security/2020/07/21/2
http://xenbits.xen.org/xsa/advisory-329.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15852: app-emulation/xen-4.12.0-r1
Scores:
------
Impact: 6.44
Ability to Exploit: 3.95
Description:
-----------
[07/20/2020]
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
Xen through 4.13 for x86 PV guests. An attacker may be granted the I/O port
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
Xen, aka CID-cadfad870154.
CatPkg:
------
app-emulation/xen
KitBranch:
---------
nokit/1.4-release
labels:
AffectsVersions:
---------------
4.12.0-r1
Facts:
-----
http://www.openwall.com/lists/oss-security/2020/07/21/2
http://xenbits.xen.org/xsa/advisory-329.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15121: dev-util/radare2-3.4.1
Scores:
------
Impact: 6.44
Ability to Exploit: 8.59
Description:
-----------
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
path cause shell injection. To trigger the problem it's required to open the
executable in radare2 and run idpd to trigger the download. The shell code will
execute, and will create a file called pwned in the current directory.
CatPkg:
------
dev-util/radare2
KitBranch:
---------
dev-kit/1.4-release
labels:
AffectsVersions:
---------------
3.4.1
Facts:
-----
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
https://github.com/radareorg/radare2/issues/16945
https://github.com/radareorg/radare2/pull/16966
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15121: dev-util/radare2-3.5.0
Scores:
------
Impact: 6.44
Ability to Exploit: 8.59
Description:
-----------
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
path cause shell injection. To trigger the problem it's required to open the
executable in radare2 and run idpd to trigger the download. The shell code will
execute, and will create a file called pwned in the current directory.
CatPkg:
------
dev-util/radare2
KitBranch:
---------
dev-kit/1.4-release
labels:
AffectsVersions:
---------------
3.5.0
Facts:
-----
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
https://github.com/radareorg/radare2/issues/16945
https://github.com/radareorg/radare2/pull/16966
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15121: dev-util/radare2-3.5.1
Scores:
------
Impact: 6.44
Ability to Exploit: 8.59
Description:
-----------
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
path cause shell injection. To trigger the problem it's required to open the
executable in radare2 and run idpd to trigger the download. The shell code will
execute, and will create a file called pwned in the current directory.
CatPkg:
------
dev-util/radare2
KitBranch:
---------
dev-kit/1.4-release
labels:
AffectsVersions:
---------------
3.5.1
Facts:
-----
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
https://github.com/radareorg/radare2/issues/16945
https://github.com/radareorg/radare2/pull/16966
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14001: dev-ruby/kramdown-1.17.0
Scores:
------
Impact: 6.44
Ability to Exploit: 10.00
Description:
-----------
[07/17/2020]
The kramdown gem before 2.3.0 for Ruby processes the template option inside
Kramdown documents by default, which allows unintended read access (such as
template="/etc/passwd") or unintended embedded Ruby code execution (such as a
string that begins with template="string://<%= `). NOTE: kramdown is used in
Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
CatPkg:
------
dev-ruby/kramdown
KitBranch:
---------
ruby-kit/2.6-prime
labels:
AffectsVersions:
---------------
1.17.0
Facts:
-----
https://github.com/gettalong/kramdown
https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0
https://kramdown.gettalong.org
https://kramdown.gettalong.org/news.html
https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2@%3Cnotifications.fluo.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html
https://rubygems.org/gems/kramdown
https://security.netapp.com/advisory/ntap-20200731-0004/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15586: dev-lang/go-1.12.17
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
-----------
[07/17/2020]
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http
servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads
a request body and writes a response at the same time.
CatPkg:
------
dev-lang/go
KitBranch:
---------
lang-kit/1.4-release
labels:
AffectsVersions:
---------------
1.12.17
Facts:
-----
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/
https://security.netapp.com/advisory/ntap-20200731-0005/
https://www.cloudfoundry.org/blog/cve-2020-15586/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14039: dev-lang/go-1.12.17
Scores:
------
Impact: 2.86
Ability to Exploit: 10.00
Description:
-----------
[07/17/2020]
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a
check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots
equals nil and the installation is on Windows). Thus, X.509 certificate
verification is incomplete.
CatPkg:
------
dev-lang/go
KitBranch:
---------
lang-kit/1.4-release
labels:
AffectsVersions:
---------------
1.12.17
Facts:
-----
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
https://groups.google.com/forum/#!forum/golang-announce
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
https://security.netapp.com/advisory/ntap-20200731-0005/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.16
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
2.2.16
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.16
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
2.2.16
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
2.2.21
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
2.2.21
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
2.2.21
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.23
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
2.2.23
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.23
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
2.2.23
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-3.0.26
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
3.0.26
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-3.0.26
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
3.0.26
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
4.0.6
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
4.0.6
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
4.0.6
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.7
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
4.0.7
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.7
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
4.0.7
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.9
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
Description:
AffectsVersions:
---------------
4.0.9
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-15117: x11-misc/synergy-1.9.1
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving
a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295)
if the servers memory is less than 4GB. It was verified that this issue does
not cause a crash through the exception handler if the available memory of the
Server is more than 4GB.
CatPkg:
------
x11-misc/synergy
KitBranch:
---------
desktop-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
1.9.1
Facts:
-----
https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14702: dev-db/mysql-5.5.61
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
AffectsVersions:
---------------
5.5.61
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14651: dev-db/mysql-5.5.61
Scores:
------
Impact: 4.94
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
AffectsVersions:
---------------
5.5.61
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14663: dev-db/mysql-5.5.61
Scores:
------
Impact: 6.44
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.61
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14624: dev-db/mysql-5.5.61
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: JSON). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.61
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14697: dev-db/mysql-5.5.61
Scores:
------
Impact: 6.44
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.61
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14643: dev-db/mysql-5.5.61
Scores:
------
Impact: 4.94
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.61
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14656: dev-db/mysql-5.5.61
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Locking). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.61
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14623: dev-db/mysql-5.5.61
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.61
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14680: dev-db/mysql-5.5.61
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.61
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14631: dev-db/mysql-5.5.61
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Audit). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.61
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14654: dev-db/mysql-5.5.61
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14620: dev-db/mysql-5.5.61 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: DML). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14678: dev-db/mysql-5.5.61 Scores:------Impact: 6.44Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Privileges). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attacker withnetwork access via multiple protocols to compromise MySQL Server. 
Successfulattacks of this vulnerability can result in takeover of MySQL Server. CVSS3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSSVector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14619: dev-db/mysql-5.5.61 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Parser). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows low privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14597: dev-db/mysql-5.5.61 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14576: dev-db/mysql-5.5.61 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: UDF). Supported versions that are affected are 5.7.30 and prior and8.0.20 and prior. Easily exploitable vulnerability allows low privilegedattacker with network access via multiple protocols to compromise MySQLServer. 
Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14575: dev-db/mysql-5.5.61 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: DML). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14614: dev-db/mysql-5.5.61 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14591: dev-db/mysql-5.5.61 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Audit Plug-in). Supported versions that are affected are 8.0.20and prior. 
Easily exploitable vulnerability allows low privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14568: dev-db/mysql-5.5.61 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.20 and prior. Easily exploitablevulnerability allows high privileged attacker with network access via multipleprotocols to compromise MySQL Server. Successful attacks of this vulnerabilitycan result in unauthorized ability to cause a hang or frequently repeatablecrash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availabilityimpacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14586: dev-db/mysql-5.5.61 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Security: Privileges). Supported versions that are affected are8.0.20 and prior. Easily exploitable vulnerability allows high privilegedattacker with network access via multiple protocols to compromise MySQLServer. Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14567: dev-db/mysql-5.5.61 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Replication). Supported versions that are affected are 5.7.29 and prior and8.0.19 and prior. 
Easily exploitable vulnerability allows high privilegedattacker with network access via multiple protocols to compromise MySQLServer. Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14559: dev-db/mysql-5.5.61 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Information Schema). Supported versions that are affected are 5.6.48 andprior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerabilityallows low privileged attacker with network access via multiple protocolsto compromise MySQL Server. Successful attacks of this vulnerability canresult in unauthorized read access to a subset of MySQL Server accessibledata. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14553: dev-db/mysql-5.5.61 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Pluggable Auth). Supported versions that are affected are 5.7.30and prior and 8.0.20 and prior. Easily exploitable vulnerability allowslow privileged attacker with network access via multiple protocols tocompromise MySQL Server. Successful attacks of this vulnerability can resultin unauthorized update, insert or delete access to some of MySQL Serveraccessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.61 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14702: dev-db/mysql-5.5.62 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Security: Privileges). Supported versions that are affected are8.0.20 and prior. Easily exploitable vulnerability allows high privilegedattacker with network access via multiple protocols to compromise MySQLServer. 
Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.62 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14651: dev-db/mysql-5.5.62 Scores:------Impact: 4.94Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Roles). Supported versions that are affected are 8.0.20 and prior.Easily exploitable vulnerability allows high privileged attacker with networkaccess via multiple protocols to compromise MySQL Server. Successful attacksof this vulnerability can result in unauthorized ability to cause a hangor frequently repeatable crash (complete DOS) of MySQL Server as well asunauthorized update, insert or delete access to some of MySQL Server accessibledata. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.62 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14663: dev-db/mysql-5.5.62 Scores:------Impact: 6.44Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Privileges). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attacker withnetwork access via multiple protocols to compromise MySQL Server. Successfulattacks of this vulnerability can result in takeover of MySQL Server. CVSS3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSSVector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.62 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14624: dev-db/mysql-5.5.62 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: JSON). Supported versions that are affected are 8.0.20 andprior. 
Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.62 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14697: dev-db/mysql-5.5.62 Scores:------Impact: 6.44Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Privileges). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attacker withnetwork access via multiple protocols to compromise MySQL Server. Successfulattacks of this vulnerability can result in takeover of MySQL Server. CVSS3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSSVector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.62 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14643: dev-db/mysql-5.5.62 Scores:------Impact: 4.94Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Roles). Supported versions that are affected are 8.0.20 and prior.Easily exploitable vulnerability allows high privileged attacker with networkaccess via multiple protocols to compromise MySQL Server. Successful attacksof this vulnerability can result in unauthorized ability to cause a hangor frequently repeatable crash (complete DOS) of MySQL Server as well asunauthorized update, insert or delete access to some of MySQL Server accessibledata. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.62 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14656: dev-db/mysql-5.5.62 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Locking). Supported versions that are affected are 8.0.20 andprior. 
Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.62 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14623: dev-db/mysql-5.5.62 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.20 and prior. Easily exploitablevulnerability allows high privileged attacker with network access via multipleprotocols to compromise MySQL Server. Successful attacks of this vulnerabilitycan result in unauthorized ability to cause a hang or frequently repeatablecrash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availabilityimpacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.62 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14631: dev-db/mysql-5.5.62 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Security: Audit). Supported versions that are affected are 8.0.20and prior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.62 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14680: dev-db/mysql-5.5.62 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. 
Easily exploitable vulnerability allows low privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.62 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14654: dev-db/mysql-5.5.62 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.62 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14620: dev-db/mysql-5.5.62 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: DML). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.5.62 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14678: dev-db/mysql-5.5.62 Scores:------Impact: 6.44Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Privileges). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attacker withnetwork access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.62
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14619: dev-db/mysql-5.5.62
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.62
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14597: dev-db/mysql-5.5.62
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.62
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14576: dev-db/mysql-5.5.62
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.62
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14575: dev-db/mysql-5.5.62
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.62
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14614: dev-db/mysql-5.5.62
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.62
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14591: dev-db/mysql-5.5.62
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.62
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14568: dev-db/mysql-5.5.62
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.62
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14586: dev-db/mysql-5.5.62
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.62
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14567: dev-db/mysql-5.5.62
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior.
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.62
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14559: dev-db/mysql-5.5.62
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.62
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14553: dev-db/mysql-5.5.62
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.5.62
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14702: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14651: dev-db/mysql-5.6.42
Scores:
------
Impact: 4.94
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14663: dev-db/mysql-5.6.42
Scores:
------
Impact: 6.44
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14624: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14697: dev-db/mysql-5.6.42
Scores:
------
Impact: 6.44
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14643: dev-db/mysql-5.6.42
Scores:
------
Impact: 4.94
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14656: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14623: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14631: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14680: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14654: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14620: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14678: dev-db/mysql-5.6.42
Scores:
------
Impact: 6.44
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14619: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14597: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14576: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14614: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14575: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.42
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
-------
CVE-2020-14591: dev-db/mysql-5.6.42
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows low privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.42 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14568: dev-db/mysql-5.6.42 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.20 and prior. Easily exploitablevulnerability allows high privileged attacker with network access via multipleprotocols to compromise MySQL Server. Successful attacks of this vulnerabilitycan result in unauthorized ability to cause a hang or frequently repeatablecrash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availabilityimpacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.42 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14586: dev-db/mysql-5.6.42 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Security: Privileges). Supported versions that are affected are8.0.20 and prior. Easily exploitable vulnerability allows high privilegedattacker with network access via multiple protocols to compromise MySQLServer. Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.42 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14567: dev-db/mysql-5.6.42 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Replication). Supported versions that are affected are 5.7.29 and prior and8.0.19 and prior. 
Easily exploitable vulnerability allows high privilegedattacker with network access via multiple protocols to compromise MySQLServer. Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.42 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14559: dev-db/mysql-5.6.42 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Information Schema). Supported versions that are affected are 5.6.48 andprior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerabilityallows low privileged attacker with network access via multiple protocolsto compromise MySQL Server. Successful attacks of this vulnerability canresult in unauthorized read access to a subset of MySQL Server accessibledata. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.42 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14553: dev-db/mysql-5.6.42 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Pluggable Auth). Supported versions that are affected are 5.7.30and prior and 8.0.20 and prior. Easily exploitable vulnerability allowslow privileged attacker with network access via multiple protocols tocompromise MySQL Server. Successful attacks of this vulnerability can resultin unauthorized update, insert or delete access to some of MySQL Serveraccessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.42 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14702: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Security: Privileges). Supported versions that are affected are8.0.20 and prior. Easily exploitable vulnerability allows high privilegedattacker with network access via multiple protocols to compromise MySQLServer. 
Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14651: dev-db/mysql-5.6.43 Scores:------Impact: 4.94Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Roles). Supported versions that are affected are 8.0.20 and prior.Easily exploitable vulnerability allows high privileged attacker with networkaccess via multiple protocols to compromise MySQL Server. Successful attacksof this vulnerability can result in unauthorized ability to cause a hangor frequently repeatable crash (complete DOS) of MySQL Server as well asunauthorized update, insert or delete access to some of MySQL Server accessibledata. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14663: dev-db/mysql-5.6.43 Scores:------Impact: 6.44Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Privileges). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attacker withnetwork access via multiple protocols to compromise MySQL Server. Successfulattacks of this vulnerability can result in takeover of MySQL Server. CVSS3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSSVector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14624: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: JSON). Supported versions that are affected are 8.0.20 andprior. 
Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14697: dev-db/mysql-5.6.43 Scores:------Impact: 6.44Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Privileges). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attacker withnetwork access via multiple protocols to compromise MySQL Server. Successfulattacks of this vulnerability can result in takeover of MySQL Server. CVSS3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSSVector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14643: dev-db/mysql-5.6.43 Scores:------Impact: 4.94Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Roles). Supported versions that are affected are 8.0.20 and prior.Easily exploitable vulnerability allows high privileged attacker with networkaccess via multiple protocols to compromise MySQL Server. Successful attacksof this vulnerability can result in unauthorized ability to cause a hangor frequently repeatable crash (complete DOS) of MySQL Server as well asunauthorized update, insert or delete access to some of MySQL Server accessibledata. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14656: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Locking). Supported versions that are affected are 8.0.20 andprior. 
Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14623: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.20 and prior. Easily exploitablevulnerability allows high privileged attacker with network access via multipleprotocols to compromise MySQL Server. Successful attacks of this vulnerabilitycan result in unauthorized ability to cause a hang or frequently repeatablecrash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availabilityimpacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14631: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Security: Audit). Supported versions that are affected are 8.0.20and prior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14680: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. 
Easily exploitable vulnerability allows low privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14654: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14620: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: DML). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14678: dev-db/mysql-5.6.43 Scores:------Impact: 6.44Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Privileges). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attacker withnetwork access via multiple protocols to compromise MySQL Server. 
Successfulattacks of this vulnerability can result in takeover of MySQL Server. CVSS3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSSVector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14619: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Parser). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows low privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14597: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14576: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: UDF). Supported versions that are affected are 5.7.30 and prior and8.0.20 and prior. Easily exploitable vulnerability allows low privilegedattacker with network access via multiple protocols to compromise MySQLServer. 
Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14575: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: DML). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14614: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14591: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Audit Plug-in). Supported versions that are affected are 8.0.20and prior. 
Easily exploitable vulnerability allows low privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14568: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.20 and prior. Easily exploitablevulnerability allows high privileged attacker with network access via multipleprotocols to compromise MySQL Server. Successful attacks of this vulnerabilitycan result in unauthorized ability to cause a hang or frequently repeatablecrash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availabilityimpacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14586: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Security: Privileges). Supported versions that are affected are8.0.20 and prior. Easily exploitable vulnerability allows high privilegedattacker with network access via multiple protocols to compromise MySQLServer. Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14567: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Replication). Supported versions that are affected are 5.7.29 and prior and8.0.19 and prior. 
Easily exploitable vulnerability allows high privilegedattacker with network access via multiple protocols to compromise MySQLServer. Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14559: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Information Schema). Supported versions that are affected are 5.6.48 andprior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerabilityallows low privileged attacker with network access via multiple protocolsto compromise MySQL Server. Successful attacks of this vulnerability canresult in unauthorized read access to a subset of MySQL Server accessibledata. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14553: dev-db/mysql-5.6.43 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Pluggable Auth). Supported versions that are affected are 5.7.30and prior and 8.0.20 and prior. Easily exploitable vulnerability allowslow privileged attacker with network access via multiple protocols tocompromise MySQL Server. Successful attacks of this vulnerability can resultin unauthorized update, insert or delete access to some of MySQL Serveraccessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.6.43 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14702: dev-db/mysql-5.6.44 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Security: Privileges). Supported versions that are affected are8.0.20 and prior. Easily exploitable vulnerability allows high privilegedattacker with network access via multiple protocols to compromise MySQLServer. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14651: dev-db/mysql-5.6.44
Scores:
------
Impact: 4.94
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14663: dev-db/mysql-5.6.44
Scores:
------
Impact: 6.44
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14624: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14697: dev-db/mysql-5.6.44
Scores:
------
Impact: 6.44
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14643: dev-db/mysql-5.6.44
Scores:
------
Impact: 4.94
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14656: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14623: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14631: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14680: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14654: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14620: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14678: dev-db/mysql-5.6.44
Scores:
------
Impact: 6.44
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14619: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14597: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14576: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14575: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14614: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14591: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14568: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14586: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14567: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior.
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14559: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14553: dev-db/mysql-5.6.44
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.6.44
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14702: dev-db/mysql-5.7.24
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.7.24
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14651: dev-db/mysql-5.7.24
Scores:
------
Impact: 4.94
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.7.24
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14663: dev-db/mysql-5.7.24
Scores:
------
Impact: 6.44
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.7.24
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14624: dev-db/mysql-5.7.24
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.7.24
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14697: dev-db/mysql-5.7.24
Scores:
------
Impact: 6.44
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.7.24
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14643: dev-db/mysql-5.7.24
Scores:
------
Impact: 4.94
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CatPkg:
------
dev-db/mysql
KitBranch:
---------
core-server-kit/1.4-release
labels:
------
security
AffectsVersions:
---------------
5.7.24
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14656: dev-db/mysql-5.7.24
Scores:
------
Impact: 2.86
Ability to Exploit: _
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14623: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14631: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Audit). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14680: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior.
Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14654: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14620: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14678: dev-db/mysql-5.7.24

Scores:
------
Impact: 6.44
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14619: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Parser). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14597: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14576: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: UDF). Supported versions that are affected are 5.7.30 and prior and
8.0.20 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL
Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14575: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14614: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14591: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Audit Plug-in). Supported versions that are affected are 8.0.20
and prior.
Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14568: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14586: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14567: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Replication). Supported versions that are affected are 5.7.29 and prior and
8.0.19 and prior.
Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14559: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Information Schema). Supported versions that are affected are 5.6.48 and
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14553: dev-db/mysql-5.7.24

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized update, insert or delete access to some of MySQL Server
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.24

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14702: dev-db/mysql-5.7.25

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.25

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14651: dev-db/mysql-5.7.25

Scores:
------
Impact: 4.94
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.25

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14663: dev-db/mysql-5.7.25

Scores:
------
Impact: 6.44
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.25

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14624: dev-db/mysql-5.7.25

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: JSON). Supported versions that are affected are 8.0.20 and
prior.
Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.25

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14697: dev-db/mysql-5.7.25

Scores:
------
Impact: 6.44
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.25

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14643: dev-db/mysql-5.7.25

Scores:
------
Impact: 4.94
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.25

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14656: dev-db/mysql-5.7.25

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Locking). Supported versions that are affected are 8.0.20 and
prior.
Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.25

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14623: dev-db/mysql-5.7.25

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.25

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14631: dev-db/mysql-5.7.25

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Audit). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.25

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14680: dev-db/mysql-5.7.25

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior.
Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.25

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14654: dev-db/mysql-5.7.25

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.25

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14620: dev-db/mysql-5.7.25

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.25

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14678: dev-db/mysql-5.7.25

Scores:
------
Impact: 6.44
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successfulattacks of this vulnerability can result in takeover of MySQL Server. CVSS3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSSVector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.25 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14619: dev-db/mysql-5.7.25 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Parser). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows low privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.25 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14597: dev-db/mysql-5.7.25 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.25 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14576: dev-db/mysql-5.7.25 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: UDF). Supported versions that are affected are 5.7.30 and prior and8.0.20 and prior. Easily exploitable vulnerability allows low privilegedattacker with network access via multiple protocols to compromise MySQLServer. 
Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.25 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14575: dev-db/mysql-5.7.25 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: DML). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.25 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14614: dev-db/mysql-5.7.25 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.25 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14591: dev-db/mysql-5.7.25 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Audit Plug-in). Supported versions that are affected are 8.0.20and prior. 
Easily exploitable vulnerability allows low privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.25 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14568: dev-db/mysql-5.7.25 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.20 and prior. Easily exploitablevulnerability allows high privileged attacker with network access via multipleprotocols to compromise MySQL Server. Successful attacks of this vulnerabilitycan result in unauthorized ability to cause a hang or frequently repeatablecrash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availabilityimpacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.25 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14586: dev-db/mysql-5.7.25 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Security: Privileges). Supported versions that are affected are8.0.20 and prior. Easily exploitable vulnerability allows high privilegedattacker with network access via multiple protocols to compromise MySQLServer. Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.25 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14567: dev-db/mysql-5.7.25 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Replication). Supported versions that are affected are 5.7.29 and prior and8.0.19 and prior. 
Easily exploitable vulnerability allows high privilegedattacker with network access via multiple protocols to compromise MySQLServer. Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.25 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14559: dev-db/mysql-5.7.25 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Information Schema). Supported versions that are affected are 5.6.48 andprior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerabilityallows low privileged attacker with network access via multiple protocolsto compromise MySQL Server. Successful attacks of this vulnerability canresult in unauthorized read access to a subset of MySQL Server accessibledata. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.25 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14553: dev-db/mysql-5.7.25 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Pluggable Auth). Supported versions that are affected are 5.7.30and prior and 8.0.20 and prior. Easily exploitable vulnerability allowslow privileged attacker with network access via multiple protocols tocompromise MySQL Server. Successful attacks of this vulnerability can resultin unauthorized update, insert or delete access to some of MySQL Serveraccessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.25 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14702: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Security: Privileges). Supported versions that are affected are8.0.20 and prior. Easily exploitable vulnerability allows high privilegedattacker with network access via multiple protocols to compromise MySQLServer. 
Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14651: dev-db/mysql-5.7.26 Scores:------Impact: 4.94Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Roles). Supported versions that are affected are 8.0.20 and prior.Easily exploitable vulnerability allows high privileged attacker with networkaccess via multiple protocols to compromise MySQL Server. Successful attacksof this vulnerability can result in unauthorized ability to cause a hangor frequently repeatable crash (complete DOS) of MySQL Server as well asunauthorized update, insert or delete access to some of MySQL Server accessibledata. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14663: dev-db/mysql-5.7.26 Scores:------Impact: 6.44Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Privileges). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attacker withnetwork access via multiple protocols to compromise MySQL Server. Successfulattacks of this vulnerability can result in takeover of MySQL Server. CVSS3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSSVector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14624: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: JSON). Supported versions that are affected are 8.0.20 andprior. 
Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14697: dev-db/mysql-5.7.26 Scores:------Impact: 6.44Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Privileges). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attacker withnetwork access via multiple protocols to compromise MySQL Server. Successfulattacks of this vulnerability can result in takeover of MySQL Server. CVSS3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSSVector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14643: dev-db/mysql-5.7.26 Scores:------Impact: 4.94Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Roles). Supported versions that are affected are 8.0.20 and prior.Easily exploitable vulnerability allows high privileged attacker with networkaccess via multiple protocols to compromise MySQL Server. Successful attacksof this vulnerability can result in unauthorized ability to cause a hangor frequently repeatable crash (complete DOS) of MySQL Server as well asunauthorized update, insert or delete access to some of MySQL Server accessibledata. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14656: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Locking). Supported versions that are affected are 8.0.20 andprior. 
Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14623: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.20 and prior. Easily exploitablevulnerability allows high privileged attacker with network access via multipleprotocols to compromise MySQL Server. Successful attacks of this vulnerabilitycan result in unauthorized ability to cause a hang or frequently repeatablecrash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availabilityimpacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14680: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows low privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14631: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Security: Audit). Supported versions that are affected are 8.0.20and prior. 
Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14654: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14620: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: DML). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14678: dev-db/mysql-5.7.26 Scores:------Impact: 6.44Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:Security: Privileges). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attacker withnetwork access via multiple protocols to compromise MySQL Server. 
Successfulattacks of this vulnerability can result in takeover of MySQL Server. CVSS3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSSVector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14619: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Parser). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows low privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14597: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14576: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: UDF). Supported versions that are affected are 5.7.30 and prior and8.0.20 and prior. Easily exploitable vulnerability allows low privilegedattacker with network access via multiple protocols to compromise MySQLServer. 
Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14575: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: DML). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://usn.ubuntu.com/4441-1/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14614: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Optimizer). Supported versions that are affected are 8.0.20 andprior. Easily exploitable vulnerability allows high privileged attackerwith network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorizedability to cause a hang or frequently repeatable crash (complete DOS) ofMySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CatPkg:------dev-db/mysql KitBranch:---------core-server-kit/1.4-release labels:------security AffectsVersions:---------------5.7.26 Facts:-----https://security.netapp.com/advisory/ntap-20200717-0004/https://www.oracle.com/security-alerts/cpujul2020.html ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Summary:-------CVE-2020-14591: dev-db/mysql-5.7.26 Scores:------Impact: 2.86Ability to Exploit: _ Description:-----------[07/15/2020]Vulnerability in the MySQL Server product of Oracle MySQL (component:Server: Audit Plug-in). Supported versions that are affected are 8.0.20and prior. 
Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.26

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14568: dev-db/mysql-5.7.26

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.26

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14586: dev-db/mysql-5.7.26

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.26

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14567: dev-db/mysql-5.7.26

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Replication). Supported versions that are affected are 5.7.29 and prior and
8.0.19 and prior.
Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.26

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14559: dev-db/mysql-5.7.26

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Information Schema). Supported versions that are affected are 5.6.48 and
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.26

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-14553: dev-db/mysql-5.7.26

Scores:
------
Impact: 2.86
Ability to Exploit: _

Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized update, insert or delete access to some of MySQL Server
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CatPkg:
------
dev-db/mysql

KitBranch:
---------
core-server-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
5.7.26

Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-15890: dev-lang/luajit-2.0.2

Scores:
------
Impact: 2.86
Ability to Exploit: 10.00

Description:
-----------
[07/21/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
traversal is mishandled.

CatPkg:
------
dev-lang/luajit

KitBranch:
---------
lang-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
2.0.2

Facts:
-----
https://github.com/LuaJIT/LuaJIT/issues/601
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-15890: dev-lang/luajit-2.0.3

Scores:
------
Impact: 2.86
Ability to Exploit: 10.00

Description:
-----------
[07/21/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
traversal is mishandled.

CatPkg:
------
dev-lang/luajit

KitBranch:
---------
lang-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
2.0.3

Facts:
-----
https://github.com/LuaJIT/LuaJIT/issues/601
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-15890: dev-lang/luajit-2.0.4

Scores:
------
Impact: 2.86
Ability to Exploit: 10.00

Description:
-----------
[07/21/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
traversal is mishandled.

CatPkg:
------
dev-lang/luajit

KitBranch:
---------
lang-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
2.0.4

Facts:
-----
https://github.com/LuaJIT/LuaJIT/issues/601
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Summary:
-------
CVE-2020-15890: dev-lang/luajit-2.0.5

Scores:
------
Impact: 2.86
Ability to Exploit: 10.00

Description:
-----------
[07/21/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
traversal is mishandled.

CatPkg:
------
dev-lang/luajit

KitBranch:
---------
lang-kit/1.4-release

labels:
------
security

AffectsVersions:
---------------
2.0.5

Facts:
-----
https://github.com/LuaJIT/LuaJIT/issues/601
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html

----------------------------------------------------------------------------------------------------------------------------------------------------------------