Difference between revisions of "FLOP:CVE Monitoring"

From Funtoo
Line 90: Line 90:
 
Once a match is made, the <tt>cve-search</tt> collection and the portage package database (via {{package|app-portage/eix}}) can be combined to produce the data appropriate for a report.
 
Once a match is made, the <tt>cve-search</tt> collection and the portage package database (via {{package|app-portage/eix}}) can be combined to produce the data appropriate for a report.
  
The correct pattern for this is probably a <tt>truth table</tt>, with the above exact matching algorithm one example of generalized predicates at are applied to each cve document in the cvedb. A table pairing packages and predicates can they be interpreted via custom logical operations to yields sets of the packages to consider for further discussion or immediate issue creation.  
+
This is meant to be human in the loop automation: we can just be spamming <tt>jira</tt>, and <tt>dev</tt>s must take ownership of issues.
 
{{FLOPFooter}}
 
{{FLOPFooter}}
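Review bot: the added sentence "we can just be spamming <tt>jira</tt>" reads as the opposite of the human-in-the-loop point it introduces; "can't" looks intended. It would also help to state who triages a match before an issue is created, since the sentence only says that <tt>dev</tt>s must take ownership afterwards.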
  
Line 96: Line 96:
 
The <tt>cver</tt> tool is currently stateless: it takes some bytes and it makes some bytes. We should probably keep it that way. A disk cache of the LRU memo-ized python function <tt>eix_xml</tt> might be nice. It would have to be wiped when eix was updated, of course.
 
The <tt>cver</tt> tool is currently stateless: it takes some bytes and it makes some bytes. We should probably keep it that way. A disk cache of the LRU memo-ized python function <tt>eix_xml</tt> might be nice. It would have to be wiped when eix was updated, of course.
  
== Example Output Fri 31 Jul 2020 02:49:59 PM EDT ==
+
== Example Output Mon 10 Aug 2020 10:39:01 PM EDT ==
 +
 
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15953: net-libs/libetpan-1.9.3
+
CVE-2020-15115: dev-db/etcd-3.3.12
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 10.00
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/27/2020]
+
[08/06/2020]
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products,
+
etcd before versions 3.3.23 and 3.4.10 does not perform any password length
has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server
+
validation, which allows for very short passwords, such as those with a length
sends a "begin TLS" response, the client reads additional data (e.g., from a
+
of one. This may allow an attacker to guess or brute-force users' passwords with
meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response
+
little computational effort.
injection."
 
  
 
CatPkg:
 
CatPkg:
 
------
 
------
net-libs/libetpan
+
dev-db/etcd
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
dev-kit/1.4-release
  
 
labels:
 
labels:
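Review bot: the new "Scores:" block (Impact: 2.86, Ability to Exploit: 10.00) appears without any statement of which scoring system or scale the two numbers come from. A one-line note above the example output naming the source field in the <tt>cve-search</tt> document would let a reader judge what 2.86 versus 10.00 means for prioritisation.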
Line 125: Line 130:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
1.9.3
+
3.3.12
  
 
Facts:
 
Facts:
 
-----
 
-----
https://github.com/dinhvh/libetpan/issues/386
+
https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh
https://security.gentoo.org/glsa/202007-55
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-12460: mail-filter/opendmarc-1.1.3
+
CVE-2020-15113: dev-db/etcd-3.3.12
 +
 
 +
Scores:
 +
------
 +
Impact: 4.94
 +
Ability to Exploit: 3.95
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/27/2020]
+
[08/05/2020]
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null
+
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created
termination in the function opendmarc_xml_parse that can result in a one-byte
+
(etcd data directory and the directory path when provided to automatically
heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate
+
generate self-signed certificates for TLS connections with clients) with
report. This can cause remote memory corruption when a '\0' byte overwrites the
+
restricted access permissions (700) by using the os.MkdirAll. This function does
heap metadata of the next chunk and its PREV_INUSE flag.
+
not perform any permission checks when a given directory path exists already.
 +
A possible workaround is to ensure the directories have the desired permission
 +
(700).
  
 
CatPkg:
 
CatPkg:
 
------
 
------
mail-filter/opendmarc
+
dev-db/etcd
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
dev-kit/1.4-release
  
 
labels:
 
labels:
Line 160: Line 173:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
1.1.3
+
3.3.12
  
 
Facts:
 
Facts:
 
-----
 
-----
https://github.com/trusteddomainproject/OpenDMARC/issues/64
+
https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
https://sourceforge.net/projects/opendmarc/
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15890: dev-lang/luajit-2.0.2
+
CVE-2020-15114: dev-db/etcd-3.3.12
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/21/2020]
+
[08/06/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
+
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP
traversal is mishandled.
+
proxy to allow for basic service discovery and access. However, it is possible
 +
to include the gateway address as an endpoint. This results in a denial of
 +
service, since the endpoint can become stuck in a loop of requesting itself
 +
until there are no more available file descriptors to accept connections on the
 +
gateway.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
dev-lang/luajit
+
dev-db/etcd
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
lang-kit/1.4-release
+
dev-kit/1.4-release
  
 
labels:
 
labels:
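Review bot: the CVE-2020-15114 entry prints "Ability to Exploit: _" where the other entries carry a number, and nothing in the text says what the underscore stands for. If it marks a score missing from the upstream record, say so in the report legend or print an explicit word such as "unscored", so a missing value is not mistaken for a low one when issues are ranked.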
Line 192: Line 215:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.0.2
+
3.3.12
  
 
Facts:
 
Facts:
 
-----
 
-----
https://github.com/LuaJIT/LuaJIT/issues/601
+
https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15890: dev-lang/luajit-2.0.3
+
CVE-2020-15115: dev-db/etcd-3.3.13
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 10.00
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/21/2020]
+
[08/06/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
+
etcd before versions 3.3.23 and 3.4.10 does not perform any password length
traversal is mishandled.
+
validation, which allows for very short passwords, such as those with a length
 +
of one. This may allow an attacker to guess or brute-force users' passwords with
 +
little computational effort.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
dev-lang/luajit
+
dev-db/etcd
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
lang-kit/1.4-release
+
dev-kit/1.4-release
  
 
labels:
 
labels:
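Review bot: the CVE-2020-15115 entry for dev-db/etcd-3.3.13 repeats the dev-db/etcd-3.3.12 entry above it line for line, differing only in the Summary and AffectsVersions fields; the same happens for CVE-2020-15113 and CVE-2020-15114. Emitting one entry per CVE and catpkg with every matching version listed under AffectsVersions would cut the report down and keep it to one issue per fix, which matters given the concern about flooding <tt>jira</tt>.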
Line 224: Line 255:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.0.3
+
3.3.13
  
 
Facts:
 
Facts:
 
-----
 
-----
https://github.com/LuaJIT/LuaJIT/issues/601
+
https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15890: dev-lang/luajit-2.0.4
+
CVE-2020-15113: dev-db/etcd-3.3.13
 +
 
 +
Scores:
 +
------
 +
Impact: 4.94
 +
Ability to Exploit: 3.95
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/21/2020]
+
[08/05/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
+
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created
traversal is mishandled.
+
(etcd data directory and the directory path when provided to automatically
 +
generate self-signed certificates for TLS connections with clients) with
 +
restricted access permissions (700) by using the os.MkdirAll. This function does
 +
not perform any permission checks when a given directory path exists already.
 +
A possible workaround is to ensure the directories have the desired permission
 +
(700).
  
 
CatPkg:
 
CatPkg:
 
------
 
------
dev-lang/luajit
+
dev-db/etcd
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
lang-kit/1.4-release
+
dev-kit/1.4-release
  
 
labels:
 
labels:
Line 256: Line 298:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.0.4
+
3.3.13
  
 
Facts:
 
Facts:
 
-----
 
-----
https://github.com/LuaJIT/LuaJIT/issues/601
+
https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15890: dev-lang/luajit-2.0.5
+
CVE-2020-15114: dev-db/etcd-3.3.13
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/21/2020]
+
[08/06/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
+
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP
traversal is mishandled.
+
proxy to allow for basic service discovery and access. However, it is possible
 +
to include the gateway address as an endpoint. This results in a denial of
 +
service, since the endpoint can become stuck in a loop of requesting itself
 +
until there are no more available file descriptors to accept connections on the
 +
gateway.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
dev-lang/luajit
+
dev-db/etcd
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
lang-kit/1.4-release
+
dev-kit/1.4-release
  
 
labels:
 
labels:
Line 288: Line 340:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.0.5
+
3.3.13
  
 
Facts:
 
Facts:
 
-----
 
-----
https://github.com/LuaJIT/LuaJIT/issues/601
+
https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-1776: www-apps/otrs-5.0.25
+
CVE-2020-16117: gnome-extra/evolution-data-server-3.36.2
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 10.00
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/20/2020]
+
[07/29/2020]
When an agent user is renamed or set to invalid the session belonging to the
+
In GNOME evolution-data-server before 3.35.91, a malicious server can
user is keept active. The session can not be used to access ticket data in the
+
crash the mail client with a NULL pointer dereference by sending an invalid
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
+
(e.g., minimal) CAPABILITY line on a connection attempt. This is related to
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
+
imapx_free_capability and imapx_connect_to_server.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
www-apps/otrs
+
gnome-extra/evolution-data-server
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
gnome-kit/3.36-prime
  
 
labels:
 
labels:
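Review bot: the CVE-2020-16117 entry matches gnome-extra/evolution-data-server-3.36.2, but its own description limits the flaw to versions "before 3.35.91", which 3.36.2 is not. This looks like a match on package name without a version-range predicate; the example output should either drop this entry or label it as a candidate needing human confirmation.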
Line 322: Line 380:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
5.0.25
+
3.36.2
  
 
Facts:
 
Facts:
 
-----
 
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
+
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5
 +
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7
 +
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00005.html
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-1776: www-apps/otrs-6.0.3
+
CVE-2020-14928: gnome-extra/evolution-data-server-3.36.2
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/20/2020]
+
[07/17/2020]
When an agent user is renamed or set to invalid the session belonging to the
+
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that
user is keept active. The session can not be used to access ticket data in the
+
affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
+
additional data and evaluates it in a TLS context, aka "response injection."
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 
  
 
CatPkg:
 
CatPkg:
 
------
 
------
www-apps/otrs
+
gnome-extra/evolution-data-server
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
gnome-kit/3.36-prime
  
 
labels:
 
labels:
Line 355: Line 422:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
6.0.3
+
3.36.2
  
 
Facts:
 
Facts:
 
-----
 
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
+
https://bugzilla.suse.com/show_bug.cgi?id=1173910
 +
https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
 +
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac
 +
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
 +
https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html
 +
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/
 +
https://security-tracker.debian.org/tracker/DLA-2281-1
 +
https://security-tracker.debian.org/tracker/DSA-4725-1
 +
https://usn.ubuntu.com/4429-1/
 +
https://www.debian.org/security/2020/dsa-4725
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-1776: www-apps/otrs-6.0.4
+
CVE-2020-13699: net-misc/teamviewer-14.1.3399
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/20/2020]
+
[07/29/2020]
When an agent user is renamed or set to invalid the session belonging to the
+
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
user is keept active. The session can not be used to access ticket data in the
+
custom URI handlers. A malicious website could launch TeamViewer with arbitrary
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
+
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
+
force a victim to send an NTLM authentication request and either relay the
 +
request or capture the hash for offline password cracking. This affects
 +
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
 +
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
 +
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
 +
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
www-apps/otrs
+
net-misc/teamviewer
  
 
KitBranch:
 
KitBranch:
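Review bot: the CVE-2020-13699 entry is reported against net-misc/teamviewer-14.1.3399, while the description scopes the issue to "TeamViewer Desktop for Windows" and its custom URI handlers. A platform predicate, or at least a label marking the match as platform-mismatched, would keep this kind of hit out of the issue queue; the same entry is repeated for four more teamviewer versions further down.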
Line 388: Line 476:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
6.0.4
+
14.1.3399
  
 
Facts:
 
Facts:
 
-----
 
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
+
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
 +
https://jeffs.sh/CVEs/CVE-2020-13699.txt
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-1776: www-apps/otrs-6.0.5
+
CVE-2020-13699: net-misc/teamviewer-14.1.9025
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/20/2020]
+
[07/29/2020]
When an agent user is renamed or set to invalid the session belonging to the
+
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
user is keept active. The session can not be used to access ticket data in the
+
custom URI handlers. A malicious website could launch TeamViewer with arbitrary
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
+
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
+
force a victim to send an NTLM authentication request and either relay the
 +
request or capture the hash for offline password cracking. This affects
 +
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
 +
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
 +
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
 +
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
www-apps/otrs
+
net-misc/teamviewer
  
 
KitBranch:
 
KitBranch:
Line 421: Line 522:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
6.0.5
+
14.1.9025
  
 
Facts:
 
Facts:
 
-----
 
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
+
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
 +
https://jeffs.sh/CVEs/CVE-2020-13699.txt
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-1776: www-apps/otrs-6.0.7
+
CVE-2020-13699: net-misc/teamviewer-14.1.18533
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/20/2020]
+
[07/29/2020]
When an agent user is renamed or set to invalid the session belonging to the
+
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
user is keept active. The session can not be used to access ticket data in the
+
custom URI handlers. A malicious website could launch TeamViewer with arbitrary
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
+
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
+
force a victim to send an NTLM authentication request and either relay the
 +
request or capture the hash for offline password cracking. This affects
 +
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
 +
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
 +
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
 +
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
www-apps/otrs
+
net-misc/teamviewer
  
 
KitBranch:
 
KitBranch:
Line 454: Line 568:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
6.0.7
+
14.1.18533
  
 
Facts:
 
Facts:
 
-----
 
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
+
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
 +
https://jeffs.sh/CVEs/CVE-2020-13699.txt
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-14928: gnome-extra/evolution-data-server-3.36.2
+
CVE-2020-13699: net-misc/teamviewer-14.2.2558
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/17/2020]
+
[07/29/2020]
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that
+
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads
+
custom URI handlers. A malicious website could launch TeamViewer with arbitrary
additional data and evaluates it in a TLS context, aka "response injection."
+
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
 +
force a victim to send an NTLM authentication request and either relay the
 +
request or capture the hash for offline password cracking. This affects
 +
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
 +
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
 +
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
 +
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
gnome-extra/evolution-data-server
+
net-misc/teamviewer
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
gnome-kit/3.36-prime
+
net-kit/1.4-release
  
 
labels:
 
labels:
Line 486: Line 614:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
3.36.2
+
14.2.2558
  
 
Facts:
 
Facts:
 
-----
 
-----
https://bugzilla.suse.com/show_bug.cgi?id=1173910
+
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
+
https://jeffs.sh/CVEs/CVE-2020-13699.txt
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac
 
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
 
https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html
 
https://security-tracker.debian.org/tracker/DLA-2281-1
 
https://security-tracker.debian.org/tracker/DSA-4725-1
 
https://usn.ubuntu.com/4429-1/
 
https://www.debian.org/security/2020/dsa-4725
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15852: app-emulation/xen-4.10.3-r1
+
CVE-2020-13699: net-misc/teamviewer-14.2.8352
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/20/2020]
+
[07/29/2020]
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
+
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
+
custom URI handlers. A malicious website could launch TeamViewer with arbitrary
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
+
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
+
force a victim to send an NTLM authentication request and either relay the
Xen, aka CID-cadfad870154.
+
request or capture the hash for offline password cracking. This affects
 +
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
 +
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
 +
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
 +
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
app-emulation/xen
+
net-misc/teamviewer
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
nokit/1.4-release
+
net-kit/1.4-release
  
 
labels:
 
labels:
Line 528: Line 660:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.10.3-r1
+
14.2.8352
  
 
Facts:
 
Facts:
 
-----
 
-----
http://www.openwall.com/lists/oss-security/2020/07/21/2
+
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
http://xenbits.xen.org/xsa/advisory-329.html
+
https://jeffs.sh/CVEs/CVE-2020-13699.txt
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
 
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15852: app-emulation/xen-4.11.1-r3
+
CVE-2020-12460: mail-filter/opendmarc-1.1.3
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 10.00
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/20/2020]
+
[07/27/2020]
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
+
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
+
termination in the function opendmarc_xml_parse that can result in a one-byte
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
+
heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
+
report. This can cause remote memory corruption when a '\0' byte overwrites the
Xen, aka CID-cadfad870154.
+
heap metadata of the next chunk and its PREV_INUSE flag.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
app-emulation/xen
+
mail-filter/opendmarc
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
nokit/1.4-release
+
net-kit/1.4-release
  
 
labels:
 
labels:
Line 565: Line 702:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.11.1-r3
+
1.1.3
  
 
Facts:
 
Facts:
 
-----
 
-----
http://www.openwall.com/lists/oss-security/2020/07/21/2
+
https://github.com/trusteddomainproject/OpenDMARC/issues/64
http://xenbits.xen.org/xsa/advisory-329.html
+
https://sourceforge.net/projects/opendmarc/
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
 
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15852: app-emulation/xen-4.12.0-r1
+
CVE-2020-15953: net-libs/libetpan-1.9.3
 +
 
 +
Scores:
 +
------
 +
Impact: 4.94
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/20/2020]
+
[07/27/2020]
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
+
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products,
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
+
has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
+
sends a "begin TLS" response, the client reads additional data (e.g., from a
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
+
meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response
Xen, aka CID-cadfad870154.
+
injection."
  
 
CatPkg:
 
CatPkg:
 
------
 
------
app-emulation/xen
+
net-libs/libetpan
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
nokit/1.4-release
+
net-kit/1.4-release
  
 
labels:
 
labels:
Line 602: Line 744:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.12.0-r1
+
1.9.3
  
 
Facts:
 
Facts:
 
-----
 
-----
http://www.openwall.com/lists/oss-security/2020/07/21/2
+
https://github.com/dinhvh/libetpan/issues/386
http://xenbits.xen.org/xsa/advisory-329.html
+
https://security.gentoo.org/glsa/202007-55
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
 
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15121: dev-util/radare2-3.4.1
+
CVE-2020-1776: www-apps/otrs-5.0.25
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
  
 
Description:
 
Description:
 
-----------
 
-----------
 
[07/20/2020]
 
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
+
When an agent user is renamed or set to invalid the session belonging to the
path cause shell injection. To trigger the problem it's required to open the
+
user is keept active. The session can not be used to access ticket data in the
executable in radare2 and run idpd to trigger the download. The shell code will
+
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
execute, and will create a file called pwned in the current directory.
+
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
dev-util/radare2
+
www-apps/otrs
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
dev-kit/1.4-release
+
net-kit/1.4-release
  
 
labels:
 
labels:
Line 638: Line 785:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
3.4.1
+
5.0.25
  
 
Facts:
 
Facts:
 
-----
 
-----
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
+
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
https://github.com/radareorg/radare2/issues/16945
 
https://github.com/radareorg/radare2/pull/16966
 
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15121: dev-util/radare2-3.5.0
+
CVE-2020-1776: www-apps/otrs-6.0.3
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
  
 
Description:
 
Description:
 
-----------
 
-----------
 
[07/20/2020]
 
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
+
When an agent user is renamed or set to invalid the session belonging to the
path cause shell injection. To trigger the problem it's required to open the
+
user is keept active. The session can not be used to access ticket data in the
executable in radare2 and run idpd to trigger the download. The shell code will
+
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
execute, and will create a file called pwned in the current directory.
+
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
dev-util/radare2
+
www-apps/otrs
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
dev-kit/1.4-release
+
net-kit/1.4-release
  
 
labels:
 
labels:
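Review bot: The Scores block added for CVE-2020-1776: www-apps/otrs-6.0.3 prints "Ability to Exploit: _" beside "Impact: 2.86", so the exploitability value reaches the report as a bare underscore that reads like an unfilled placeholder. If the score is absent from the source record, render it explicitly (for example "n/a") or drop the line, so that whoever triages the entry does not mistake it for a formatting failure. The block also does not say which scoring system or scale the two numbers come from; a short label in the "Scores:" header would fix that.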
Line 674: Line 825:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
3.5.0
+
6.0.3
  
 
Facts:
 
Facts:
 
-----
 
-----
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
+
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
https://github.com/radareorg/radare2/issues/16945
 
https://github.com/radareorg/radare2/pull/16966
 
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15121: dev-util/radare2-3.5.1
+
CVE-2020-1776: www-apps/otrs-6.0.4
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
  
 
Description:
 
Description:
 
-----------
 
-----------
 
[07/20/2020]
 
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
+
When an agent user is renamed or set to invalid the session belonging to the
path cause shell injection. To trigger the problem it's required to open the
+
user is keept active. The session can not be used to access ticket data in the
executable in radare2 and run idpd to trigger the download. The shell code will
+
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
execute, and will create a file called pwned in the current directory.
+
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
dev-util/radare2
+
www-apps/otrs
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
dev-kit/1.4-release
+
net-kit/1.4-release
  
 
labels:
 
labels:
Line 710: Line 865:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
3.5.1
+
6.0.4
  
 
Facts:
 
Facts:
 
-----
 
-----
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
+
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
https://github.com/radareorg/radare2/issues/16945
 
https://github.com/radareorg/radare2/pull/16966
 
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-14001: dev-ruby/kramdown-1.17.0
+
CVE-2020-1776: www-apps/otrs-6.0.5
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/17/2020]
+
[07/20/2020]
The kramdown gem before 2.3.0 for Ruby processes the template option inside
+
When an agent user is renamed or set to invalid the session belonging to the
Kramdown documents by default, which allows unintended read access (such as
+
user is keept active. The session can not be used to access ticket data in the
template="/etc/passwd") or unintended embedded Ruby code execution (such as a
+
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
string that begins with template="string://<%= `). NOTE: kramdown is used in
+
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
 
  
 
CatPkg:
 
CatPkg:
 
------
 
------
dev-ruby/kramdown
+
www-apps/otrs
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
ruby-kit/2.6-prime
+
net-kit/1.4-release
  
 
labels:
 
labels:
Line 747: Line 905:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
1.17.0
+
6.0.5
  
 
Facts:
 
Facts:
 
-----
 
-----
https://github.com/gettalong/kramdown
+
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
 
https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0
 
https://kramdown.gettalong.org
 
https://kramdown.gettalong.org/news.html
 
https://rubygems.org/gems/kramdown
 
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15586: dev-lang/go-1.12.17
+
CVE-2020-1776: www-apps/otrs-6.0.7
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/17/2020]
+
[07/20/2020]
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http
+
When an agent user is renamed or set to invalid the session belonging to the
servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads
+
user is keept active. The session can not be used to access ticket data in the
a request body and writes a response at the same time.
+
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
 +
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
dev-lang/go
+
www-apps/otrs
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
lang-kit/1.4-release
+
net-kit/1.4-release
  
 
labels:
 
labels:
Line 784: Line 945:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
1.12.17
+
6.0.7
  
 
Facts:
 
Facts:
 
-----
 
-----
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
+
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
+
 
https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g
+
--------------------------------------------------------------------------------
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
+
--------------------------------------------------------------------------------
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/
 
https://www.cloudfoundry.org/blog/cve-2020-15586/
 
 
 
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-14039: dev-lang/go-1.12.17
+
CVE-2020-15852: app-emulation/xen-4.10.3-r1
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 3.95
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/17/2020]
+
[07/20/2020]
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a
+
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots
+
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
equals nil and the installation is on Windows). Thus, X.509 certificate
+
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
verification is incomplete.
+
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
 +
Xen, aka CID-cadfad870154.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
dev-lang/go
+
app-emulation/xen
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
lang-kit/1.4-release
+
nokit/1.4-release
  
 
labels:
 
labels:
Line 823: Line 986:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
1.12.17
+
4.10.3-r1
  
 
Facts:
 
Facts:
 
-----
 
-----
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
+
http://www.openwall.com/lists/oss-security/2020/07/21/2
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
+
http://xenbits.xen.org/xsa/advisory-329.html
https://groups.google.com/forum/#!forum/golang-announce
+
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
+
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.16
+
CVE-2020-15852: app-emulation/xen-4.11.1-r3
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 3.95
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/17/2020]
+
[07/20/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
 +
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
 +
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
 +
Xen, aka CID-cadfad870154.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
net-analyzer/zabbix
+
app-emulation/xen
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
nokit/1.4-release
  
 
labels:
 
labels:
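Review bot: The entry added here for CVE-2020-15852: app-emulation/xen-4.11.1-r3 repeats the Scores, Description and all four Facts URLs of the xen-4.10.3-r1 entry directly above it; only the Summary line and AffectsVersions differ. Consider emitting one entry per CVE and CatPkg with every matched version listed under AffectsVersions, which would shorten the example output considerably and make each entry map to one issue a dev can own.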
Line 857: Line 1,030:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.2.16
+
4.11.1-r3
  
 
Facts:
 
Facts:
 
-----
 
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+
http://www.openwall.com/lists/oss-security/2020/07/21/2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+
http://xenbits.xen.org/xsa/advisory-329.html
https://support.zabbix.com/browse/ZBX-18057
+
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
 +
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.16
+
CVE-2020-15852: app-emulation/xen-4.12.0-r1
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 3.95
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/17/2020]
+
[07/20/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
 +
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
 +
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
 +
Xen, aka CID-cadfad870154.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
net-analyzer/zabbix
+
app-emulation/xen
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
nokit/1.4-release
  
 
labels:
 
labels:
Line 890: Line 1,074:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.2.16
+
4.12.0-r1
  
 
Facts:
 
Facts:
 
-----
 
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+
http://www.openwall.com/lists/oss-security/2020/07/21/2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+
http://xenbits.xen.org/xsa/advisory-329.html
https://support.zabbix.com/browse/ZBX-18057
+
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
 +
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.16
+
CVE-2020-15121: dev-util/radare2-3.4.1
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/17/2020]
+
[07/20/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+
path cause shell injection. To trigger the problem it's required to open the
 +
executable in radare2 and run idpd to trigger the download. The shell code will
 +
execute, and will create a file called pwned in the current directory.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
net-analyzer/zabbix
+
dev-util/radare2
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
dev-kit/1.4-release
  
 
labels:
 
labels:
Line 923: Line 1,117:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.2.16
+
3.4.1
  
 
Facts:
 
Facts:
 
-----
 
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+
https://github.com/radareorg/radare2/issues/16945
https://support.zabbix.com/browse/ZBX-18057
+
https://github.com/radareorg/radare2/pull/16966
 +
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
 +
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
 +
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
+
CVE-2020-15121: dev-util/radare2-3.5.0
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/17/2020]
+
[07/20/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+
path cause shell injection. To trigger the problem it's required to open the
 
+
executable in radare2 and run idpd to trigger the download. The shell code will
 +
execute, and will create a file called pwned in the current directory.
 +
 
 
CatPkg:
 
CatPkg:
 
------
 
------
net-analyzer/zabbix
+
dev-util/radare2
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
dev-kit/1.4-release
  
 
labels:
 
labels:
Line 956: Line 1,162:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.2.21
+
3.5.0
  
 
Facts:
 
Facts:
 
-----
 
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+
https://github.com/radareorg/radare2/issues/16945
https://support.zabbix.com/browse/ZBX-18057
+
https://github.com/radareorg/radare2/pull/16966
 +
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
 +
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
 +
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
+
CVE-2020-15121: dev-util/radare2-3.5.1
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/17/2020]
+
[07/20/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+
path cause shell injection. To trigger the problem it's required to open the
 +
executable in radare2 and run idpd to trigger the download. The shell code will
 +
execute, and will create a file called pwned in the current directory.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
net-analyzer/zabbix
+
dev-util/radare2
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
dev-kit/1.4-release
  
 
labels:
 
labels:
Line 989: Line 1,207:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.2.21
+
3.5.1
  
 
Facts:
 
Facts:
 
-----
 
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+
https://github.com/radareorg/radare2/issues/16945
https://support.zabbix.com/browse/ZBX-18057
+
https://github.com/radareorg/radare2/pull/16966
 +
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
 +
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
 +
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
+
CVE-2020-14001: dev-ruby/kramdown-1.17.0
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: 10.00
  
 
Description:
 
Description:
 
-----------
 
-----------
 
[07/17/2020]
 
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+
The kramdown gem before 2.3.0 for Ruby processes the template option inside
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+
Kramdown documents by default, which allows unintended read access (such as
 +
template="/etc/passwd") or unintended embedded Ruby code execution (such as a
 +
string that begins with template="string://<%= `). NOTE: kramdown is used in
 +
Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
net-analyzer/zabbix
+
dev-ruby/kramdown
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
ruby-kit/2.6-prime
  
 
labels:
 
labels:
Line 1,022: Line 1,253:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.2.21
+
1.17.0
  
 
Facts:
 
Facts:
 
-----
 
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+
https://github.com/gettalong/kramdown
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+
https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
https://support.zabbix.com/browse/ZBX-18057
+
https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0
 +
https://kramdown.gettalong.org
 +
https://kramdown.gettalong.org/news.html
 +
https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2@%3Cnotifications.fluo.apache.org%3E
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html
 +
https://rubygems.org/gems/kramdown
 +
https://security.netapp.com/advisory/ntap-20200731-0004/
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
+
CVE-2020-15586: dev-lang/go-1.12.17
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
 
-----------
 
-----------
 
[07/17/2020]
 
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+
servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads
 +
a request body and writes a response at the same time.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
net-analyzer/zabbix
+
dev-lang/go
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
lang-kit/1.4-release
  
 
labels:
 
labels:
Line 1,055: Line 1,300:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.2.21
+
1.12.17
  
 
Facts:
 
Facts:
 
-----
 
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
https://support.zabbix.com/browse/ZBX-18057
+
https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g
 +
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
 +
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/
 +
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/
 +
https://security.netapp.com/advisory/ntap-20200731-0005/
 +
https://www.cloudfoundry.org/blog/cve-2020-15586/
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.23
+
CVE-2020-14039: dev-lang/go-1.12.17
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 10.00
  
 
Description:
 
Description:
 
-----------
 
-----------
 
[07/17/2020]
 
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+
check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots
 +
equals nil and the installation is on Windows). Thus, X.509 certificate
 +
verification is incomplete.
  
 
CatPkg:
 
CatPkg:
 
------
 
------
net-analyzer/zabbix
+
dev-lang/go
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
lang-kit/1.4-release
  
 
labels:
 
labels:
Line 1,088: Line 1,347:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.2.23
+
1.12.17
  
 
Facts:
 
Facts:
 
-----
 
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
https://support.zabbix.com/browse/ZBX-18057
+
https://groups.google.com/forum/#!forum/golang-announce
 +
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
 +
https://security.netapp.com/advisory/ntap-20200731-0005/
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.23
+
CVE-2020-15803: net-analyzer/zabbix-2.2.16
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,121: Line 1,389:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.2.23
+
2.2.16
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.23
+
CVE-2020-15803: net-analyzer/zabbix-2.2.16
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
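Review bot: The Summary line added in this hunk, "CVE-2020-15803: net-analyzer/zabbix-2.2.16", is identical to the Summary of the entry immediately before it, whose AffectsVersions is also 2.2.16 and whose Scores and Facts match. The lines that might distinguish the two entries (CatPkg, KitBranch) are not shown in this diff. If they differ only by KitBranch, put the branch in the Summary line so the entries can be told apart; if they do not differ at all, deduplicate on CVE, CatPkg and version before the report is written.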
Line 1,154: Line 1,430:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
2.2.23
+
2.2.16
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-3.0.26
+
CVE-2020-15803: net-analyzer/zabbix-2.2.21
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,187: Line 1,471:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
3.0.26
+
2.2.21
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-3.0.26
+
CVE-2020-15803: net-analyzer/zabbix-2.2.21
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,220: Line 1,512:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
3.0.26
+
2.2.21
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-3.0.26
+
CVE-2020-15803: net-analyzer/zabbix-2.2.21
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,253: Line 1,553:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
3.0.26
+
2.2.21
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
+
CVE-2020-15803: net-analyzer/zabbix-2.2.23
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,286: Line 1,594:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.0.6
+
2.2.23
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
+
CVE-2020-15803: net-analyzer/zabbix-2.2.23
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
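Review bot: Duplicate entry: the new side of this hunk opens a second "CVE-2020-15803: net-analyzer/zabbix-2.2.23" block right after an entry whose AffectsVersions is already 2.2.23, with the same Scores and the same Facts links. If each block is meant to become one issue, identical (CVE, CatPkg, version) tuples should be collapsed before the report is written, or the example output should show only one of them.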
Line 1,319: Line 1,635:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.0.6
+
2.2.23
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
+
CVE-2020-15803: net-analyzer/zabbix-3.0.26
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,352: Line 1,676:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.0.6
+
3.0.26
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
+
CVE-2020-15803: net-analyzer/zabbix-3.0.26
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,385: Line 1,717:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.0.6
+
3.0.26
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.7
+
CVE-2020-15803: net-analyzer/zabbix-4.0.6
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,418: Line 1,758:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.0.7
+
4.0.6
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.7
+
CVE-2020-15803: net-analyzer/zabbix-4.0.6
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,451: Line 1,799:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.0.7
+
4.0.6
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.7
+
CVE-2020-15803: net-analyzer/zabbix-4.0.6
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,484: Line 1,840:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.0.7
+
4.0.6
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.9
+
CVE-2020-15803: net-analyzer/zabbix-4.0.7
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,517: Line 1,881:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.0.9
+
4.0.7
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.9
+
CVE-2020-15803: net-analyzer/zabbix-4.0.7
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,550: Line 1,922:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.0.9
+
4.0.7
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-3.2.11
+
CVE-2020-15803: net-analyzer/zabbix-4.0.9
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: 8.59
  
 
Description:
 
Description:
Line 1,583: Line 1,963:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
3.2.11
+
4.0.9
  
 
Facts:
 
Facts:
 
-----
 
-----
 +
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 
https://support.zabbix.com/browse/ZBX-18057
 
https://support.zabbix.com/browse/ZBX-18057
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-3.4.15
+
CVE-2020-15117: x11-misc/synergy-1.9.1
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/17/2020]
+
[07/15/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+
a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295)
 +
if the servers memory is less than 4 GB. It was verified that this issue does
 +
not cause a crash through the exception handler if the available memory of the
 +
Server is more than 4GB.
 +
 
 +
CatPkg:
 +
------
 +
x11-misc/synergy
 +
 
 +
KitBranch:
 +
---------
 +
desktop-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
1.9.1
 +
 
 +
Facts:
 +
-----
 +
https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
 +
https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14702: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Security: Privileges). Supported versions that are affected are
 +
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
  
 
CatPkg:
 
CatPkg:
 
------
 
------
net-analyzer/zabbix
+
dev-db/mysql
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
core-server-kit/1.4-release
  
 
labels:
 
labels:
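Review bot: "Ability to Exploit: _" in the added synergy and mysql entries reads as a formatting glitch rather than as a missing score. Suggest printing an explicit marker such as "not available", or dropping the line when no value is present, so the field cannot be mistaken for a low score during triage.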
Line 1,616: Line 2,052:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
3.4.15
+
5.5.61
  
 
Facts:
 
Facts:
 
-----
 
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+
https://security.netapp.com/advisory/ntap-20200717-0004/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+
https://usn.ubuntu.com/4441-1/
https://support.zabbix.com/browse/ZBX-18057
+
https://www.oracle.com/security-alerts/cpujul2020.html
  
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
  
 
Summary:
 
Summary:
 
-------
 
-------
CVE-2020-15803: net-analyzer/zabbix-4.2.3
+
CVE-2020-14651: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 4.94
 +
Ability to Exploit: _
  
 
Description:
 
Description:
 
-----------
 
-----------
[07/17/2020]
+
[07/15/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
 +
Easily exploitable vulnerability allows high privileged attacker with network
 +
access via multiple protocols to compromise MySQL Server. Successful attacks
 +
of this vulnerability can result in unauthorized ability to cause a hang
 +
or frequently repeatable crash (complete DOS) of MySQL Server as well as
 +
unauthorized update, insert or delete access to some of MySQL Server accessible
 +
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
  
 
CatPkg:
 
CatPkg:
 
------
 
------
net-analyzer/zabbix
+
dev-db/mysql
  
 
KitBranch:
 
KitBranch:
 
---------
 
---------
net-kit/1.4-release
+
core-server-kit/1.4-release
  
 
labels:
 
labels:
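Review bot: The version match needs a second look: the added CVE-2020-14651 entry is filed against dev-db/mysql-5.5.61, while its own description gives the affected versions as "8.0.20 and prior". The report should show which predicate produced the match, or mark the entry for manual confirmation, so a dev can tell whether the 5.5.61 ebuild is really in scope before an issue is opened.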
Line 1,649: Line 2,099:
 
AffectsVersions:
 
AffectsVersions:
 
---------------
 
---------------
4.2.3
+
5.5.61
  
 
Facts:
 
Facts:
 
-----
 
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+
https://security.netapp.com/advisory/ntap-20200717-0004/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+
https://usn.ubuntu.com/4441-1/
https://support.zabbix.com/browse/ZBX-18057
+
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14663: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Privileges). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker with
 +
network access via multiple protocols to compromise MySQL Server. Successful
 +
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
 +
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
 +
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14624: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: JSON). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14697: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Privileges). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker with
 +
network access via multiple protocols to compromise MySQL Server. Successful
 +
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
 +
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
 +
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14643: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 4.94
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
 +
Easily exploitable vulnerability allows high privileged attacker with network
 +
access via multiple protocols to compromise MySQL Server. Successful attacks
 +
of this vulnerability can result in unauthorized ability to cause a hang
 +
or frequently repeatable crash (complete DOS) of MySQL Server as well as
 +
unauthorized update, insert or delete access to some of MySQL Server accessible
 +
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14656: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Locking). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14623: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
 +
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
 +
vulnerability allows high privileged attacker with network access via multiple
 +
protocols to compromise MySQL Server. Successful attacks of this vulnerability
 +
can result in unauthorized ability to cause a hang or frequently repeatable
 +
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
 +
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14680: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Optimizer). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows low privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14631: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Security: Audit). Supported versions that are affected are 8.0.20
 +
and prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14654: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Optimizer). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14620: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: DML). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14678: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Privileges). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker with
 +
network access via multiple protocols to compromise MySQL Server. Successful
 +
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
 +
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
 +
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14619: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Parser). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows low privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14597: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Optimizer). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14576: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: UDF). Supported versions that are affected are 5.7.30 and prior and
 +
8.0.20 and prior. Easily exploitable vulnerability allows low privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14575: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: DML). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14614: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Optimizer). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14591: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Audit Plug-in). Supported versions that are affected are 8.0.20
 +
and prior. Easily exploitable vulnerability allows low privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14568: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
 +
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
 +
vulnerability allows high privileged attacker with network access via multiple
 +
protocols to compromise MySQL Server. Successful attacks of this vulnerability
 +
can result in unauthorized ability to cause a hang or frequently repeatable
 +
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
 +
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14586: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Security: Privileges). Supported versions that are affected are
 +
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14567: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Replication). Supported versions that are affected are 5.7.29 and prior and
 +
8.0.19 and prior. Easily exploitable vulnerability allows high privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14559: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Information Schema). Supported versions that are affected are 5.6.48 and
 +
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
 +
allows low privileged attacker with network access via multiple protocols
 +
to compromise MySQL Server. Successful attacks of this vulnerability can
 +
result in unauthorized read access to a subset of MySQL Server accessible
 +
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14553: dev-db/mysql-5.5.61
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
 +
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
 +
low privileged attacker with network access via multiple protocols to
 +
compromise MySQL Server. Successful attacks of this vulnerability can result
 +
in unauthorized update, insert or delete access to some of MySQL Server
 +
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.61
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14702: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Security: Privileges). Supported versions that are affected are
 +
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14651: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 4.94
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
 +
Easily exploitable vulnerability allows high privileged attacker with network
 +
access via multiple protocols to compromise MySQL Server. Successful attacks
 +
of this vulnerability can result in unauthorized ability to cause a hang
 +
or frequently repeatable crash (complete DOS) of MySQL Server as well as
 +
unauthorized update, insert or delete access to some of MySQL Server accessible
 +
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14663: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Privileges). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker with
 +
network access via multiple protocols to compromise MySQL Server. Successful
 +
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
 +
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
 +
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14624: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: JSON). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14697: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Privileges). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker with
 +
network access via multiple protocols to compromise MySQL Server. Successful
 +
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
 +
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
 +
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14643: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 4.94
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
 +
Easily exploitable vulnerability allows high privileged attacker with network
 +
access via multiple protocols to compromise MySQL Server. Successful attacks
 +
of this vulnerability can result in unauthorized ability to cause a hang
 +
or frequently repeatable crash (complete DOS) of MySQL Server as well as
 +
unauthorized update, insert or delete access to some of MySQL Server accessible
 +
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14656: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Locking). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14623: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
 +
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
 +
vulnerability allows high privileged attacker with network access via multiple
 +
protocols to compromise MySQL Server. Successful attacks of this vulnerability
 +
can result in unauthorized ability to cause a hang or frequently repeatable
 +
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
 +
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14631: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Security: Audit). Supported versions that are affected are 8.0.20
 +
and prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14680: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Optimizer). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows low privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14654: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Optimizer). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14620: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: DML). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14678: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Privileges). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker with
 +
network access via multiple protocols to compromise MySQL Server. Successful
 +
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
 +
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
 +
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14619: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Parser). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows low privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14597: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Optimizer). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14576: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: UDF). Supported versions that are affected are 5.7.30 and prior and
 +
8.0.20 and prior. Easily exploitable vulnerability allows low privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14575: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: DML). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14614: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Optimizer). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14591: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Audit Plug-in). Supported versions that are affected are 8.0.20
 +
and prior. Easily exploitable vulnerability allows low privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14568: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
 +
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
 +
vulnerability allows high privileged attacker with network access via multiple
 +
protocols to compromise MySQL Server. Successful attacks of this vulnerability
 +
can result in unauthorized ability to cause a hang or frequently repeatable
 +
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
 +
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14586: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Security: Privileges). Supported versions that are affected are
 +
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14567: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Replication). Supported versions that are affected are 5.7.29 and prior and
 +
8.0.19 and prior. Easily exploitable vulnerability allows high privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14559: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Information Schema). Supported versions that are affected are 5.6.48 and
 +
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
 +
allows low privileged attacker with network access via multiple protocols
 +
to compromise MySQL Server. Successful attacks of this vulnerability can
 +
result in unauthorized read access to a subset of MySQL Server accessible
 +
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14553: dev-db/mysql-5.5.62
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
 +
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
 +
low privileged attacker with network access via multiple protocols to
 +
compromise MySQL Server. Successful attacks of this vulnerability can result
 +
in unauthorized update, insert or delete access to some of MySQL Server
 +
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.5.62
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14702: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Security: Privileges). Supported versions that are affected are
 +
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14651: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 4.94
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
 +
Easily exploitable vulnerability allows high privileged attacker with network
 +
access via multiple protocols to compromise MySQL Server. Successful attacks
 +
of this vulnerability can result in unauthorized ability to cause a hang
 +
or frequently repeatable crash (complete DOS) of MySQL Server as well as
 +
unauthorized update, insert or delete access to some of MySQL Server accessible
 +
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14663: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Privileges). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker with
 +
network access via multiple protocols to compromise MySQL Server. Successful
 +
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
 +
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
 +
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14624: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: JSON). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14697: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Privileges). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker with
 +
network access via multiple protocols to compromise MySQL Server. Successful
 +
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
 +
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
 +
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14643: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 4.94
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
 +
Easily exploitable vulnerability allows high privileged attacker with network
 +
access via multiple protocols to compromise MySQL Server. Successful attacks
 +
of this vulnerability can result in unauthorized ability to cause a hang
 +
or frequently repeatable crash (complete DOS) of MySQL Server as well as
 +
unauthorized update, insert or delete access to some of MySQL Server accessible
 +
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14656: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Locking). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14623: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
 +
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
 +
vulnerability allows high privileged attacker with network access via multiple
 +
protocols to compromise MySQL Server. Successful attacks of this vulnerability
 +
can result in unauthorized ability to cause a hang or frequently repeatable
 +
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
 +
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14631: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Security: Audit). Supported versions that are affected are 8.0.20
 +
and prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14680: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Optimizer). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows low privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14654: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Optimizer). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14620: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: DML). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14678: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Privileges). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker with
 +
network access via multiple protocols to compromise MySQL Server. Successful
 +
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
 +
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
 +
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14619: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Parser). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows low privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14597: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Optimizer). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14576: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: UDF). Supported versions that are affected are 5.7.30 and prior and
 +
8.0.20 and prior. Easily exploitable vulnerability allows low privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14614: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Optimizer). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14575: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: DML). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14591: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Audit Plug-in). Supported versions that are affected are 8.0.20
 +
and prior. Easily exploitable vulnerability allows low privileged attacker
 +
with network access via multiple protocols to compromise MySQL Server.
 +
Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14568: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
 +
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
 +
vulnerability allows high privileged attacker with network access via multiple
 +
protocols to compromise MySQL Server. Successful attacks of this vulnerability
 +
can result in unauthorized ability to cause a hang or frequently repeatable
 +
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
 +
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14586: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Security: Privileges). Supported versions that are affected are
 +
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14567: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Replication). Supported versions that are affected are 5.7.29 and prior and
 +
8.0.19 and prior. Easily exploitable vulnerability allows high privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14559: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Information Schema). Supported versions that are affected are 5.6.48 and
 +
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
 +
allows low privileged attacker with network access via multiple protocols
 +
to compromise MySQL Server. Successful attacks of this vulnerability can
 +
result in unauthorized read access to a subset of MySQL Server accessible
 +
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14553: dev-db/mysql-5.6.42
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
 +
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
 +
low privileged attacker with network access via multiple protocols to
 +
compromise MySQL Server. Successful attacks of this vulnerability can result
 +
in unauthorized update, insert or delete access to some of MySQL Server
 +
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.42
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14702: dev-db/mysql-5.6.43
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component:
 +
Server: Security: Privileges). Supported versions that are affected are
 +
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
 +
attacker with network access via multiple protocols to compromise MySQL
 +
Server. Successful attacks of this vulnerability can result in unauthorized
 +
ability to cause a hang or frequently repeatable crash (complete DOS) of
 +
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.43
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14651: dev-db/mysql-5.6.43
 +
 
 +
Scores:
 +
------
 +
Impact: 4.94
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
 +
Easily exploitable vulnerability allows high privileged attacker with network
 +
access via multiple protocols to compromise MySQL Server. Successful attacks
 +
of this vulnerability can result in unauthorized ability to cause a hang
 +
or frequently repeatable crash (complete DOS) of MySQL Server as well as
 +
unauthorized update, insert or delete access to some of MySQL Server accessible
 +
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
 +
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.43
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14663: dev-db/mysql-5.6.43
 +
 
 +
Scores:
 +
------
 +
Impact: 6.44
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +
[07/15/2020]
 +
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
 +
Security: Privileges). Supported versions that are affected are 8.0.20 and
 +
prior. Easily exploitable vulnerability allows high privileged attacker with
 +
network access via multiple protocols to compromise MySQL Server. Successful
 +
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
 +
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
 +
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 +
 
 +
CatPkg:
 +
------
 +
dev-db/mysql
 +
 
 +
KitBranch:
 +
---------
 +
core-server-kit/1.4-release
 +
 
 +
labels:
 +
------
 +
security
 +
 
 +
AffectsVersions:
 +
---------------
 +
5.6.43
 +
 
 +
Facts:
 +
-----
 +
https://security.netapp.com/advisory/ntap-20200717-0004/
 +
https://usn.ubuntu.com/4441-1/
 +
https://www.oracle.com/security-alerts/cpujul2020.html
 +
 
 +
--------------------------------------------------------------------------------
 +
--------------------------------------------------------------------------------
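Review bot: The version match behind these added records looks too broad. CVE-2020-14597, CVE-2020-14614 and CVE-2020-14663, among others, give the affected range as "8.0.20 and prior" only, yet they are reported with AffectsVersions 5.6.42 or 5.6.43. The descriptions list ranges per release series (CVE-2020-14559 spells out "5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior"), so comparing the installed version against the highest bound alone will raise issues for a series the advisory does not name. Consider matching per series, or marking such hits as unconfirmed so the dev who takes the issue knows to check the range first. Separately, Ability to Exploit prints as "_" in every Scores block shown here, and Impact reads 2.86 for records whose descriptions quote CVSS 3.1 base scores of 6.5, 4.9 and 4.3. The report should state which scoring scheme the Impact value comes from and how a missing exploitability value is to be read.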
 +
 
 +
Summary:
 +
-------
 +
CVE-2020-14624: dev-db/mysql-5.6.43
 +
 
 +
Scores:
 +
------
 +
Impact: 2.86
 +
Ability to Exploit: _
 +
 
 +
Description:
 +
-----------
 +