Difference between revisions of "FLOP:CVE Monitoring"
Line 90: | Line 90: | ||
Once a match is made, the <tt>cve-search</tt> collection and the portage package database (via {{package|app-portage/eix}}) can be combined to produce the data appropriate for a report. | Once a match is made, the <tt>cve-search</tt> collection and the portage package database (via {{package|app-portage/eix}}) can be combined to produce the data appropriate for a report. | ||
This is meant to be human in the loop automation: we can just be spamming <tt>jira</tt>, and <tt>dev</tt>s must take ownership of issues. | |||
{{FLOPFooter}} | {{FLOPFooter}} | ||
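Review bot: The added sentence "we can just be spamming jira" reads as the opposite of what the rest of the line argues (human in the loop, devs taking ownership of issues); it most likely wants "we can't just be spamming jira". Suggest fixing the wording and saying in the same sentence who reviews a match before a ticket is filed, since that is the control the paragraph is describing.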
Line 96: | Line 96: | ||
The <tt>cver</tt> tool is currently stateless: it takes some bytes and it makes some bytes. We should probably keep it that way. A disk cache of the LRU memo-ized python function <tt>eix_xml</tt> might be nice. It would have to be wiped when eix was updated, of course. | The <tt>cver</tt> tool is currently stateless: it takes some bytes and it makes some bytes. We should probably keep it that way. A disk cache of the LRU memo-ized python function <tt>eix_xml</tt> might be nice. It would have to be wiped when eix was updated, of course. | ||
== Example Output | == Example Output Mon 10 Aug 2020 10:39:01 PM EDT == | ||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15115: dev-db/etcd-3.3.12 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 10.00 | |||
Description: | Description: | ||
----------- | ----------- | ||
[ | [08/06/2020] | ||
etcd before versions 3.3.23 and 3.4.10 does not perform any password length | |||
validation, which allows for very short passwords, such as those with a length | |||
of one. This may allow an attacker to guess or brute-force users' passwords with | |||
little computational effort. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev-db/etcd | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
dev-kit/1.4-release | |||
labels: | labels: | ||
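Review bot: The new Scores block ("Impact: 2.86", "Ability to Exploit: 10.00") does not say which scoring system or scale the numbers come from, so a dev picking up the ticket cannot tell whether 2.86 is low or high. Suggest naming the source field and its range next to each value, or adding one line above the example output that explains both scores.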
Line 125: | Line 130: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.3.12 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://github.com/ | https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15113: dev-db/etcd-3.3.12 | ||
Scores: | |||
------ | |||
Impact: 4.94 | |||
Ability to Exploit: 3.95 | |||
Description: | Description: | ||
----------- | ----------- | ||
[ | [08/05/2020] | ||
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created | |||
(etcd data directory and the directory path when provided to automatically | |||
generate self-signed certificates for TLS connections with clients) with | |||
restricted access permissions (700) by using the os.MkdirAll. This function does | |||
not perform any permission checks when a given directory path exists already. | |||
A possible workaround is to ensure the directories have the desired permission | |||
(700). | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev-db/etcd | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
dev-kit/1.4-release | |||
labels: | labels: | ||
Line 160: | Line 173: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.3.12 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://github.com/ | https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15114: dev-db/etcd-3.3.12 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | Description: | ||
----------- | ----------- | ||
[ | [08/06/2020] | ||
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP | |||
proxy to allow for basic service discovery and access. However, it is possible | |||
to include the gateway address as an endpoint. This results in a denial of | |||
service, since the endpoint can become stuck in a loop of requesting itself | |||
until there are no more available file descriptors to accept connections on the | |||
gateway. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev- | dev-db/etcd | ||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
dev-kit/1.4-release | |||
labels: | labels: | ||
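Review bot: "Ability to Exploit: _" in the CVE-2020-15114 entry shows a bare underscore where the other entries carry a number, and nothing on the page explains it. If it means the upstream record has no value yet, suggest printing something explicit such as "not scored" and documenting it, so that a missing score is not read as a low one during triage.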
Line 192: | Line 215: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.3.12 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://github.com/ | https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15115: dev-db/etcd-3.3.13 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 10.00 | |||
Description: | Description: | ||
----------- | ----------- | ||
[ | [08/06/2020] | ||
etcd before versions 3.3.23 and 3.4.10 does not perform any password length | |||
validation, which allows for very short passwords, such as those with a length | |||
of one. This may allow an attacker to guess or brute-force users' passwords with | |||
little computational effort. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev- | dev-db/etcd | ||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
dev-kit/1.4-release | |||
labels: | labels: | ||
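Review bot: The CVE-2020-15115 entry for dev-db/etcd-3.3.13 in this hunk repeats the 3.3.12 entry word for word apart from the version, and the same happens for every other CVE in the output. Since the field is already called AffectsVersions, suggest emitting one entry per CVE and CatPkg with all matching versions listed there; that keeps the report shorter and fits the stated goal of not flooding jira.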
Line 224: | Line 255: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.3.13 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://github.com/ | https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15113: dev-db/etcd-3.3.13 | ||
Scores: | |||
------ | |||
Impact: 4.94 | |||
Ability to Exploit: 3.95 | |||
Description: | Description: | ||
----------- | ----------- | ||
[ | [08/05/2020] | ||
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created | |||
(etcd data directory and the directory path when provided to automatically | |||
generate self-signed certificates for TLS connections with clients) with | |||
restricted access permissions (700) by using the os.MkdirAll. This function does | |||
not perform any permission checks when a given directory path exists already. | |||
A possible workaround is to ensure the directories have the desired permission | |||
(700). | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev- | dev-db/etcd | ||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
dev-kit/1.4-release | |||
labels: | labels: | ||
Line 256: | Line 298: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.3.13 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://github.com/ | https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15114: dev-db/etcd-3.3.13 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | Description: | ||
----------- | ----------- | ||
[ | [08/06/2020] | ||
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP | |||
proxy to allow for basic service discovery and access. However, it is possible | |||
to include the gateway address as an endpoint. This results in a denial of | |||
service, since the endpoint can become stuck in a loop of requesting itself | |||
until there are no more available file descriptors to accept connections on the | |||
gateway. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev- | dev-db/etcd | ||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
dev-kit/1.4-release | |||
labels: | labels: | ||
Line 288: | Line 340: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.3.13 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://github.com/ | https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-16117: gnome-extra/evolution-data-server-3.36.2 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 10.00 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/29/2020] | ||
In GNOME evolution-data-server before 3.35.91, a malicious server can | |||
crash the mail client with a NULL pointer dereference by sending an invalid | |||
(e.g., minimal) CAPABILITY line on a connection attempt. This is related to | |||
imapx_free_capability and imapx_connect_to_server. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
gnome-extra/evolution-data-server | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
gnome-kit/3.36-prime | |||
labels: | labels: | ||
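Review bot: The CVE-2020-16117 entry is reported against gnome-extra/evolution-data-server-3.36.2, but its description says the issue is in versions "before 3.35.91", and 3.36.2 is later than that. This looks like a false positive from the matching step. Suggest comparing the package version against the affected range before emitting an entry, or noting on the page that matches are by product name only and need a manual version check.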
Line 322: | Line 380: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.36.2 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5 | ||
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7 | |||
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189 | |||
https://lists.debian.org/debian-lts-announce/2020/08/msg00005.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-14928: gnome-extra/evolution-data-server-3.36.2 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/17/2020] | ||
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that | |||
affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads | |||
additional data and evaluates it in a TLS context, aka "response injection." | |||
and | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
gnome-extra/evolution-data-server | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
gnome-kit/3.36-prime | |||
labels: | labels: | ||
Line 355: | Line 422: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.36.2 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://bugzilla.suse.com/show_bug.cgi?id=1173910 | ||
https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df | |||
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac | |||
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226 | |||
https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/ | |||
https://security-tracker.debian.org/tracker/DLA-2281-1 | |||
https://security-tracker.debian.org/tracker/DSA-4725-1 | |||
https://usn.ubuntu.com/4429-1/ | |||
https://www.debian.org/security/2020/dsa-4725 | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-13699: net-misc/teamviewer-14.1.3399 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/29/2020] | ||
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its | |||
custom URI handlers. A malicious website could launch TeamViewer with arbitrary | |||
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could | |||
force a victim to send an NTLM authentication request and either relay the | |||
request or capture the hash for offline password cracking. This affects | |||
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, | |||
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, | |||
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, | |||
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
net-misc/teamviewer | |||
KitBranch: | KitBranch: | ||
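Review bot: The CVE-2020-13699 description in this entry is scoped to "TeamViewer Desktop for Windows" and its custom URI handlers, yet it is matched against the net-misc/teamviewer package. Suggest either filtering on the platform named in the CVE record or flagging such entries for the human reviewer, and noting on the page that name-only matches can produce reports that do not apply to the packaged build.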
Line 388: | Line 476: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
14.1.3399 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448 | ||
https://jeffs.sh/CVEs/CVE-2020-13699.txt | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-13699: net-misc/teamviewer-14.1.9025 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/29/2020] | ||
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its | |||
custom URI handlers. A malicious website could launch TeamViewer with arbitrary | |||
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could | |||
force a victim to send an NTLM authentication request and either relay the | |||
request or capture the hash for offline password cracking. This affects | |||
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, | |||
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, | |||
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, | |||
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
net-misc/teamviewer | |||
KitBranch: | KitBranch: | ||
Line 421: | Line 522: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
14.1.9025 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448 | ||
https://jeffs.sh/CVEs/CVE-2020-13699.txt | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-13699: net-misc/teamviewer-14.1.18533 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/29/2020] | ||
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its | |||
custom URI handlers. A malicious website could launch TeamViewer with arbitrary | |||
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could | |||
force a victim to send an NTLM authentication request and either relay the | |||
request or capture the hash for offline password cracking. This affects | |||
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, | |||
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, | |||
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, | |||
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
net-misc/teamviewer | |||
KitBranch: | KitBranch: | ||
Line 454: | Line 568: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
14.1.18533 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448 | ||
https://jeffs.sh/CVEs/CVE-2020-13699.txt | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-13699: net-misc/teamviewer-14.2.2558 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/29/2020] | ||
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its | |||
custom URI handlers. A malicious website could launch TeamViewer with arbitrary | |||
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could | |||
force a victim to send an NTLM authentication request and either relay the | |||
request or capture the hash for offline password cracking. This affects | |||
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, | |||
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, | |||
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, | |||
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
net-misc/teamviewer | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
net-kit/1.4-release | |||
labels: | labels: | ||
Line 486: | Line 614: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
14.2.2558 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448 | ||
https://jeffs.sh/CVEs/CVE-2020-13699.txt | |||
https:// | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-13699: net-misc/teamviewer-14.2.8352 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/29/2020] | ||
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its | |||
custom URI handlers. A malicious website could launch TeamViewer with arbitrary | |||
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could | |||
force a victim to send an NTLM authentication request and either relay the | |||
request or capture the hash for offline password cracking. This affects | |||
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, | |||
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, | |||
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, | |||
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
net-misc/teamviewer | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
net-kit/1.4-release | |||
labels: | labels: | ||
Line 528: | Line 660: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
14.2.8352 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448 | |||
https://jeffs.sh/CVEs/CVE-2020-13699.txt | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-12460: mail-filter/opendmarc-1.1.3 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 10.00 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/27/2020] | ||
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null | |||
termination in the function opendmarc_xml_parse that can result in a one-byte | |||
heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate | |||
report. This can cause remote memory corruption when a '\0' byte overwrites the | |||
heap metadata of the next chunk and its PREV_INUSE flag. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
mail-filter/opendmarc | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
net-kit/1.4-release | |||
labels: | labels: | ||
Line 565: | Line 702: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
1.1.3 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://github.com/trusteddomainproject/OpenDMARC/issues/64 | |||
https://sourceforge.net/projects/opendmarc/ | |||
https:// | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15953: net-libs/libetpan-1.9.3 | ||
Scores: | |||
------ | |||
Impact: 4.94 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/27/2020] | ||
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, | |||
has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server | |||
sends a "begin TLS" response, the client reads additional data (e.g., from a | |||
meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response | |||
injection." | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
net-libs/libetpan | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
net-kit/1.4-release | |||
labels: | labels: | ||
Line 602: | Line 744: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
1.9.3 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://github.com/dinhvh/libetpan/issues/386 | |||
https://security.gentoo.org/glsa/202007-55 | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-1776: www-apps/otrs-5.0.25 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/20/2020] | [07/20/2020] | ||
When an agent user is renamed or set to invalid the session belonging to the | |||
user is keept active. The session can not be used to access ticket data in the | |||
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 | |||
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
www-apps/otrs | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
net-kit/1.4-release | |||
labels: | labels: | ||
Line 638: | Line 785: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
5.0.25 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://otrs.com/release-notes/otrs-security-advisory-2020-13/ | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-1776: www-apps/otrs-6.0.3 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/20/2020] | [07/20/2020] | ||
When an agent user is renamed or set to invalid the session belonging to the | |||
user is keept active. The session can not be used to access ticket data in the | |||
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 | |||
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
www-apps/otrs | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
net-kit/1.4-release | |||
labels: | labels: | ||
Line 674: | Line 825: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
6.0.3 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://otrs.com/release-notes/otrs-security-advisory-2020-13/ | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-1776: www-apps/otrs-6.0.4 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/20/2020] | [07/20/2020] | ||
When an agent user is renamed or set to invalid the session belonging to the | |||
user is keept active. The session can not be used to access ticket data in the | |||
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 | |||
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
www-apps/otrs | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
net-kit/1.4-release | |||
labels: | labels: | ||
Line 710: | Line 865: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
6.0.4 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://otrs.com/release-notes/otrs-security-advisory-2020-13/ | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-1776: www-apps/otrs-6.0.5 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/20/2020] | ||
The | When an agent user is renamed or set to invalid the session belonging to the | ||
user is keept active. The session can not be used to access ticket data in the | |||
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 | |||
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
www-apps/otrs | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
net-kit/1.4-release | |||
labels: | labels: | ||
Line 747: | Line 905: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
6.0.5 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://otrs.com/release-notes/otrs-security-advisory-2020-13/ | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-1776: www-apps/otrs-6.0.7 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/20/2020] | ||
When an agent user is renamed or set to invalid the session belonging to the | |||
user is keept active. The session can not be used to access ticket data in the | |||
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 | |||
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
www-apps/otrs | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
net-kit/1.4-release | |||
labels: | labels: | ||
Line 784: | Line 945: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
6.0.7 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://otrs.com/release-notes/otrs-security-advisory-2020-13/ | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15852: app-emulation/xen-4.10.3-r1 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 3.95 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/20/2020] | ||
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in | |||
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port | |||
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap | |||
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and | |||
Xen, aka CID-cadfad870154. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
app-emulation/xen | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
nokit/1.4-release | |||
labels: | labels: | ||
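Review bot: The CVE-2020-15852 description places the defect in "the Linux kernel 5.5 through 5.7.9" (tss_invalidate_io_bitmap), with Xen named only as the environment in which it occurs, but the entry is filed against app-emulation/xen-4.10.3-r1. Suggest stating on the page how a CVE that names more than one product is attributed, so the ticket goes to the owner of the package that actually carries the fix.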
Line 823: | Line 986: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
4.10.3-r1 | |||
Facts: | Facts: | ||
----- | ----- | ||
http:// | http://www.openwall.com/lists/oss-security/2020/07/21/2 | ||
http:// | http://xenbits.xen.org/xsa/advisory-329.html | ||
https:// | https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2 | ||
https:// | https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15852: app-emulation/xen-4.11.1-r3 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 3.95 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/20/2020] | ||
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in | |||
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port | |||
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap | |||
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and | |||
Xen, aka CID-cadfad870154. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
app-emulation/xen | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
nokit/1.4-release | |||
labels: | labels: | ||
Line 857: | Line 1,030: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
4.11.1-r3 | |||
Facts: | Facts: | ||
----- | ----- | ||
http://www.openwall.com/lists/oss-security/2020/07/21/2 | |||
https:// | http://xenbits.xen.org/xsa/advisory-329.html | ||
https:// | https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2 | ||
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2 | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15852: app-emulation/xen-4.12.0-r1 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 3.95 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/20/2020] | ||
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in | |||
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port | |||
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap | |||
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and | |||
Xen, aka CID-cadfad870154. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
app-emulation/xen | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
nokit/1.4-release | |||
labels: | labels: | ||
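Review bot: the CVE-2020-15852 entries in this hunk are filed against app-emulation/xen, but the description locates the flaw in the Linux kernel 5.5 through 5.7.9 and two of the four Facts links are torvalds/linux commits. A developer picking up the ticket could reasonably conclude that bumping xen is the remedy. Consider noting in the example that a match like this needs human triage to decide which package actually carries the fix, or have the report mark entries whose fix references point at a different project than the matched CatPkg.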
Line 890: | Line 1,074: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
4.12.0-r1 | |||
Facts: | Facts: | ||
----- | ----- | ||
http://www.openwall.com/lists/oss-security/2020/07/21/2 | |||
https:// | http://xenbits.xen.org/xsa/advisory-329.html | ||
https:// | https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2 | ||
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2 | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15121: dev-util/radare2-3.4.1 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/20/2020] | ||
In radare2 before version 4.5.0, malformed PDB file names in the PDB server | |||
path cause shell injection. To trigger the problem it's required to open the | |||
executable in radare2 and run idpd to trigger the download. The shell code will | |||
execute, and will create a file called pwned in the current directory. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev-util/radare2 | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
dev-kit/1.4-release | |||
labels: | labels: | ||
Line 923: | Line 1,117: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.4.1 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ | https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9 | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ | https://github.com/radareorg/radare2/issues/16945 | ||
https://github.com/radareorg/radare2/pull/16966 | |||
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358 | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/ | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/ | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15121: dev-util/radare2-3.5.0 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/20/2020] | ||
In radare2 before version 4.5.0, malformed PDB file names in the PDB server | |||
path cause shell injection. To trigger the problem it's required to open the | |||
executable in radare2 and run idpd to trigger the download. The shell code will | |||
execute, and will create a file called pwned in the current directory. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev-util/radare2 | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
dev-kit/1.4-release | |||
labels: | labels: | ||
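Review bot: the radare2 entries here repeat the full description and all six Facts links once per installed version (3.4.1, then 3.5.0), differing only in the Summary line and the single value under AffectsVersions. Since the field is already named in the plural, one entry per CVE and CatPkg with every affected version listed under AffectsVersions would carry the same information and would file one ticket instead of several. If one ticket per version is intentional, say so near the example.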
Line 956: | Line 1,162: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.5.0 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ | https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9 | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ | https://github.com/radareorg/radare2/issues/16945 | ||
https://github.com/radareorg/radare2/pull/16966 | |||
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358 | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/ | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/ | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15121: dev-util/radare2-3.5.1 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/20/2020] | ||
In radare2 before version 4.5.0, malformed PDB file names in the PDB server | |||
path cause shell injection. To trigger the problem it's required to open the | |||
executable in radare2 and run idpd to trigger the download. The shell code will | |||
execute, and will create a file called pwned in the current directory. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev-util/radare2 | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
dev-kit/1.4-release | |||
labels: | labels: | ||
Line 989: | Line 1,207: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.5.1 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ | https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9 | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ | https://github.com/radareorg/radare2/issues/16945 | ||
https://github.com/radareorg/radare2/pull/16966 | |||
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358 | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/ | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/ | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-14001: dev-ruby/kramdown-1.17.0 | ||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: 10.00 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/17/2020] | [07/17/2020] | ||
The kramdown gem before 2.3.0 for Ruby processes the template option inside | |||
Kramdown documents by default, which allows unintended read access (such as | |||
template="/etc/passwd") or unintended embedded Ruby code execution (such as a | |||
string that begins with template="string://<%= `). NOTE: kramdown is used in | |||
Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev-ruby/kramdown | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
ruby-kit/2.6-prime | |||
labels: | labels: | ||
Line 1,022: | Line 1,253: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
1.17.0 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://github.com/gettalong/kramdown | ||
https://lists. | https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde | ||
https:// | https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0 | ||
https://kramdown.gettalong.org | |||
https://kramdown.gettalong.org/news.html | |||
https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2@%3Cnotifications.fluo.apache.org%3E | |||
https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html | |||
https://rubygems.org/gems/kramdown | |||
https://security.netapp.com/advisory/ntap-20200731-0004/ | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15586: dev-lang/go-1.12.17 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/17/2020] | [07/17/2020] | ||
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http | |||
servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads | |||
a request body and writes a response at the same time. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev-lang/go | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
lang-kit/1.4-release | |||
labels: | labels: | ||
Line 1,055: | Line 1,300: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
1.12.17 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html | ||
https:// | https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g | ||
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/ | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/ | |||
https://security.netapp.com/advisory/ntap-20200731-0005/ | |||
https://www.cloudfoundry.org/blog/cve-2020-15586/ | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-14039: dev-lang/go-1.12.17 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 10.00 | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/17/2020] | [07/17/2020] | ||
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a | |||
check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots | |||
equals nil and the installation is on Windows). Thus, X.509 certificate | |||
verification is incomplete. | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev-lang/go | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
lang-kit/1.4-release | |||
labels: | labels: | ||
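Review bot: the CVE-2020-14039 entry added in this hunk reports dev-lang/go-1.12.17, while its own description limits the missing EKU check to the case where "VerifyOptions.Roots equals nil and the installation is on Windows". For a report built from a portage package database that condition matters, and the example shows no sign that it was considered. Either mention that platform-conditional CVEs are left for the human reviewer to close, or add a label for them so they can be filtered.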
Line 1,088: | Line 1,347: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
1.12.17 | |||
Facts: | Facts: | ||
----- | ----- | ||
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html | |||
https:// | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html | ||
https:// | https://groups.google.com/forum/#!forum/golang-announce | ||
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w | |||
https://security.netapp.com/advisory/ntap-20200731-0005/ | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix-2.2. | CVE-2020-15803: net-analyzer/zabbix-2.2.16 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,121: | Line 1,389: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
2.2. | 2.2.16 | ||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix-2.2. | CVE-2020-15803: net-analyzer/zabbix-2.2.16 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
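Review bot: after this change "CVE-2020-15803: net-analyzer/zabbix-2.2.16" appears twice in a row with the same scores, the same AffectsVersions value and the same four Facts links. If the two entries come from different KitBranch values, the Summary line should include the branch so they can be told apart; if they are true duplicates, the report should collapse them before anything is filed, otherwise the ticket tracker receives identical issues.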
Line 1,154: | Line 1,430: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
2.2. | 2.2.16 | ||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix- | CVE-2020-15803: net-analyzer/zabbix-2.2.21 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,187: | Line 1,471: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
2.2.21 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix- | CVE-2020-15803: net-analyzer/zabbix-2.2.21 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,220: | Line 1,512: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
2.2.21 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix- | CVE-2020-15803: net-analyzer/zabbix-2.2.21 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,253: | Line 1,553: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
2.2.21 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix- | CVE-2020-15803: net-analyzer/zabbix-2.2.23 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,286: | Line 1,594: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
2.2.23 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix- | CVE-2020-15803: net-analyzer/zabbix-2.2.23 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,319: | Line 1,635: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
2.2.23 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix- | CVE-2020-15803: net-analyzer/zabbix-3.0.26 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,352: | Line 1,676: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.0.26 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix- | CVE-2020-15803: net-analyzer/zabbix-3.0.26 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,385: | Line 1,717: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
3.0.26 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix-4.0. | CVE-2020-15803: net-analyzer/zabbix-4.0.6 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,418: | Line 1,758: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
4.0. | 4.0.6 | ||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix-4.0. | CVE-2020-15803: net-analyzer/zabbix-4.0.6 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,451: | Line 1,799: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
4.0. | 4.0.6 | ||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix-4.0. | CVE-2020-15803: net-analyzer/zabbix-4.0.6 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,484: | Line 1,840: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
4.0. | 4.0.6 | ||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix-4.0. | CVE-2020-15803: net-analyzer/zabbix-4.0.7 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,517: | Line 1,881: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
4.0. | 4.0.7 | ||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix-4.0. | CVE-2020-15803: net-analyzer/zabbix-4.0.7 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,550: | Line 1,922: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
4.0. | 4.0.7 | ||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020-15803: net-analyzer/zabbix- | CVE-2020-15803: net-analyzer/zabbix-4.0.9 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: 8.59 | |||
Description: | Description: | ||
Line 1,583: | Line 1,963: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
4.0.9 | |||
Facts: | Facts: | ||
----- | ----- | ||
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html | |||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ | ||
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ | ||
https://support.zabbix.com/browse/ZBX-18057 | https://support.zabbix.com/browse/ZBX-18057 | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-15117: x11-misc/synergy-1.9.1 | ||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/15/2020] | ||
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving | |||
a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) | |||
if the servers memory is less than 4 GB. It was verified that this issue does | |||
not cause a crash through the exception handler if the available memory of the | |||
Server is more than 4GB. | |||
CatPkg: | |||
------ | |||
x11-misc/synergy | |||
KitBranch: | |||
--------- | |||
desktop-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
1.9.1 | |||
Facts: | |||
----- | |||
https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39 | |||
https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14702: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Security: Privileges). Supported versions that are affected are | |||
8.0.20 and prior. Easily exploitable vulnerability allows high privileged | |||
attacker with network access via multiple protocols to compromise MySQL | |||
Server. Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev-db/mysql | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
core-server-kit/1.4-release | |||
labels: | labels: | ||
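Review bot: the Scores block added to the synergy and mysql entries in this hunk is not self-explanatory. "Ability to Exploit: _" prints a bare underscore where the zabbix entry above prints 8.59, so a reader cannot tell whether the score is absent from the source data or failed to render. In the CVE-2020-14702 entry, "Impact: 2.86" also sits beside a description that quotes "CVSS 3.1 Base Score 4.9", and nothing says which scale the Scores values use. Suggest printing "n/a" (or adding a one-line legend) for the missing value and naming the scoring scale in the Scores header.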
Line 1,616: | Line 2,052: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
5.5.61 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://security.netapp.com/advisory/ntap-20200717-0004/ | ||
https:// | https://usn.ubuntu.com/4441-1/ | ||
https:// | https://www.oracle.com/security-alerts/cpujul2020.html | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | Summary: | ||
------- | ------- | ||
CVE-2020- | CVE-2020-14651: dev-db/mysql-5.5.61 | ||
Scores: | |||
------ | |||
Impact: 4.94 | |||
Ability to Exploit: _ | |||
Description: | Description: | ||
----------- | ----------- | ||
[07/ | [07/15/2020] | ||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Roles). Supported versions that are affected are 8.0.20 and prior. | |||
Easily exploitable vulnerability allows high privileged attacker with network | |||
access via multiple protocols to compromise MySQL Server. Successful attacks | |||
of this vulnerability can result in unauthorized ability to cause a hang | |||
or frequently repeatable crash (complete DOS) of MySQL Server as well as | |||
unauthorized update, insert or delete access to some of MySQL Server accessible | |||
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||
CatPkg: | CatPkg: | ||
------ | ------ | ||
dev-db/mysql | |||
KitBranch: | KitBranch: | ||
--------- | --------- | ||
core-server-kit/1.4-release | |||
labels: | labels: | ||
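Review bot: the CVE-2020-14651 entry is reported against dev-db/mysql-5.5.61, but its description only says "Supported versions that are affected are 8.0.20 and prior" and never names the 5.5 branch, so the match rests on reading "and prior" as covering every older release. Since the page describes this as human-in-the-loop automation, the example should say that a maintainer has to confirm the affected range for matches like this one, or the report could carry a field showing which version range triggered the match.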
Line 1,649: | Line 2,099: | ||
AffectsVersions: | AffectsVersions: | ||
--------------- | --------------- | ||
5.5.61 | |||
Facts: | Facts: | ||
----- | ----- | ||
https:// | https://security.netapp.com/advisory/ntap-20200717-0004/ | ||
https:// | https://usn.ubuntu.com/4441-1/ | ||
https:// | https://www.oracle.com/security-alerts/cpujul2020.html | ||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14663: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Privileges). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker with | |||
network access via multiple protocols to compromise MySQL Server. Successful | |||
attacks of this vulnerability can result in takeover of MySQL Server. CVSS | |||
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS | |||
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14624: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: JSON). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14697: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Privileges). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker with | |||
network access via multiple protocols to compromise MySQL Server. Successful | |||
attacks of this vulnerability can result in takeover of MySQL Server. CVSS | |||
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS | |||
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14643: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 4.94 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Roles). Supported versions that are affected are 8.0.20 and prior. | |||
Easily exploitable vulnerability allows high privileged attacker with network | |||
access via multiple protocols to compromise MySQL Server. Successful attacks | |||
of this vulnerability can result in unauthorized ability to cause a hang | |||
or frequently repeatable crash (complete DOS) of MySQL Server as well as | |||
unauthorized update, insert or delete access to some of MySQL Server accessible | |||
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14656: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Locking). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14623: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | |||
Supported versions that are affected are 8.0.20 and prior. Easily exploitable | |||
vulnerability allows high privileged attacker with network access via multiple | |||
protocols to compromise MySQL Server. Successful attacks of this vulnerability | |||
can result in unauthorized ability to cause a hang or frequently repeatable | |||
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | |||
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14680: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Optimizer). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows low privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14631: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Security: Audit). Supported versions that are affected are 8.0.20 | |||
and prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14654: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Optimizer). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14620: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: DML). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14678: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Privileges). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker with | |||
network access via multiple protocols to compromise MySQL Server. Successful | |||
attacks of this vulnerability can result in takeover of MySQL Server. CVSS | |||
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS | |||
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14619: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Parser). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows low privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14597: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Optimizer). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14576: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: UDF). Supported versions that are affected are 5.7.30 and prior and | |||
8.0.20 and prior. Easily exploitable vulnerability allows low privileged | |||
attacker with network access via multiple protocols to compromise MySQL | |||
Server. Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14575: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: DML). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14614: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Optimizer). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14591: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Audit Plug-in). Supported versions that are affected are 8.0.20 | |||
and prior. Easily exploitable vulnerability allows low privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14568: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | |||
Supported versions that are affected are 8.0.20 and prior. Easily exploitable | |||
vulnerability allows high privileged attacker with network access via multiple | |||
protocols to compromise MySQL Server. Successful attacks of this vulnerability | |||
can result in unauthorized ability to cause a hang or frequently repeatable | |||
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | |||
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14586: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Security: Privileges). Supported versions that are affected are | |||
8.0.20 and prior. Easily exploitable vulnerability allows high privileged | |||
attacker with network access via multiple protocols to compromise MySQL | |||
Server. Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14567: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Replication). Supported versions that are affected are 5.7.29 and prior and | |||
8.0.19 and prior. Easily exploitable vulnerability allows high privileged | |||
attacker with network access via multiple protocols to compromise MySQL | |||
Server. Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14559: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Information Schema). Supported versions that are affected are 5.6.48 and | |||
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability | |||
allows low privileged attacker with network access via multiple protocols | |||
to compromise MySQL Server. Successful attacks of this vulnerability can | |||
result in unauthorized read access to a subset of MySQL Server accessible | |||
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14553: dev-db/mysql-5.5.61 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Pluggable Auth). Supported versions that are affected are 5.7.30 | |||
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows | |||
low privileged attacker with network access via multiple protocols to | |||
compromise MySQL Server. Successful attacks of this vulnerability can result | |||
in unauthorized update, insert or delete access to some of MySQL Server | |||
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.61 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14702: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Security: Privileges). Supported versions that are affected are | |||
8.0.20 and prior. Easily exploitable vulnerability allows high privileged | |||
attacker with network access via multiple protocols to compromise MySQL | |||
Server. Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14651: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 4.94 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Roles). Supported versions that are affected are 8.0.20 and prior. | |||
Easily exploitable vulnerability allows high privileged attacker with network | |||
access via multiple protocols to compromise MySQL Server. Successful attacks | |||
of this vulnerability can result in unauthorized ability to cause a hang | |||
or frequently repeatable crash (complete DOS) of MySQL Server as well as | |||
unauthorized update, insert or delete access to some of MySQL Server accessible | |||
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14663: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Privileges). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker with | |||
network access via multiple protocols to compromise MySQL Server. Successful | |||
attacks of this vulnerability can result in takeover of MySQL Server. CVSS | |||
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS | |||
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14624: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: JSON). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14697: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Privileges). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker with | |||
network access via multiple protocols to compromise MySQL Server. Successful | |||
attacks of this vulnerability can result in takeover of MySQL Server. CVSS | |||
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS | |||
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14643: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 4.94 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Roles). Supported versions that are affected are 8.0.20 and prior. | |||
Easily exploitable vulnerability allows high privileged attacker with network | |||
access via multiple protocols to compromise MySQL Server. Successful attacks | |||
of this vulnerability can result in unauthorized ability to cause a hang | |||
or frequently repeatable crash (complete DOS) of MySQL Server as well as | |||
unauthorized update, insert or delete access to some of MySQL Server accessible | |||
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14656: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Locking). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14623: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | |||
Supported versions that are affected are 8.0.20 and prior. Easily exploitable | |||
vulnerability allows high privileged attacker with network access via multiple | |||
protocols to compromise MySQL Server. Successful attacks of this vulnerability | |||
can result in unauthorized ability to cause a hang or frequently repeatable | |||
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | |||
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14631: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Security: Audit). Supported versions that are affected are 8.0.20 | |||
and prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14680: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Optimizer). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows low privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14654: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Optimizer). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14620: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: DML). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14678: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Privileges). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker with | |||
network access via multiple protocols to compromise MySQL Server. Successful | |||
attacks of this vulnerability can result in takeover of MySQL Server. CVSS | |||
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS | |||
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14619: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Parser). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows low privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14597: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Optimizer). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14576: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: UDF). Supported versions that are affected are 5.7.30 and prior and | |||
8.0.20 and prior. Easily exploitable vulnerability allows low privileged | |||
attacker with network access via multiple protocols to compromise MySQL | |||
Server. Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14575: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: DML). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14614: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Optimizer). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14591: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Audit Plug-in). Supported versions that are affected are 8.0.20 | |||
and prior. Easily exploitable vulnerability allows low privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14568: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | |||
Supported versions that are affected are 8.0.20 and prior. Easily exploitable | |||
vulnerability allows high privileged attacker with network access via multiple | |||
protocols to compromise MySQL Server. Successful attacks of this vulnerability | |||
can result in unauthorized ability to cause a hang or frequently repeatable | |||
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | |||
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14586: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Security: Privileges). Supported versions that are affected are | |||
8.0.20 and prior. Easily exploitable vulnerability allows high privileged | |||
attacker with network access via multiple protocols to compromise MySQL | |||
Server. Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14567: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Replication). Supported versions that are affected are 5.7.29 and prior and | |||
8.0.19 and prior. Easily exploitable vulnerability allows high privileged | |||
attacker with network access via multiple protocols to compromise MySQL | |||
Server. Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14559: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Information Schema). Supported versions that are affected are 5.6.48 and | |||
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability | |||
allows low privileged attacker with network access via multiple protocols | |||
to compromise MySQL Server. Successful attacks of this vulnerability can | |||
result in unauthorized read access to a subset of MySQL Server accessible | |||
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14553: dev-db/mysql-5.5.62 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Pluggable Auth). Supported versions that are affected are 5.7.30 | |||
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows | |||
low privileged attacker with network access via multiple protocols to | |||
compromise MySQL Server. Successful attacks of this vulnerability can result | |||
in unauthorized update, insert or delete access to some of MySQL Server | |||
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.5.62 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14702: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Security: Privileges). Supported versions that are affected are | |||
8.0.20 and prior. Easily exploitable vulnerability allows high privileged | |||
attacker with network access via multiple protocols to compromise MySQL | |||
Server. Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14651: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 4.94 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Roles). Supported versions that are affected are 8.0.20 and prior. | |||
Easily exploitable vulnerability allows high privileged attacker with network | |||
access via multiple protocols to compromise MySQL Server. Successful attacks | |||
of this vulnerability can result in unauthorized ability to cause a hang | |||
or frequently repeatable crash (complete DOS) of MySQL Server as well as | |||
unauthorized update, insert or delete access to some of MySQL Server accessible | |||
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14663: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Privileges). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker with | |||
network access via multiple protocols to compromise MySQL Server. Successful | |||
attacks of this vulnerability can result in takeover of MySQL Server. CVSS | |||
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS | |||
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14624: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: JSON). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14697: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Privileges). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker with | |||
network access via multiple protocols to compromise MySQL Server. Successful | |||
attacks of this vulnerability can result in takeover of MySQL Server. CVSS | |||
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS | |||
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14643: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 4.94 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Roles). Supported versions that are affected are 8.0.20 and prior. | |||
Easily exploitable vulnerability allows high privileged attacker with network | |||
access via multiple protocols to compromise MySQL Server. Successful attacks | |||
of this vulnerability can result in unauthorized ability to cause a hang | |||
or frequently repeatable crash (complete DOS) of MySQL Server as well as | |||
unauthorized update, insert or delete access to some of MySQL Server accessible | |||
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14656: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Locking). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14623: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | |||
Supported versions that are affected are 8.0.20 and prior. Easily exploitable | |||
vulnerability allows high privileged attacker with network access via multiple | |||
protocols to compromise MySQL Server. Successful attacks of this vulnerability | |||
can result in unauthorized ability to cause a hang or frequently repeatable | |||
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | |||
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14631: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Security: Audit). Supported versions that are affected are 8.0.20 | |||
and prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14680: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Optimizer). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows low privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14654: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Optimizer). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14620: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: DML). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14678: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 6.44 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Security: Privileges). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker with | |||
network access via multiple protocols to compromise MySQL Server. Successful | |||
attacks of this vulnerability can result in takeover of MySQL Server. CVSS | |||
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS | |||
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14619: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Parser). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows low privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14597: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Optimizer). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14576: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: UDF). Supported versions that are affected are 5.7.30 and prior and | |||
8.0.20 and prior. Easily exploitable vulnerability allows low privileged | |||
attacker with network access via multiple protocols to compromise MySQL | |||
Server. Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14614: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Optimizer). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14575: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: DML). Supported versions that are affected are 8.0.20 and | |||
prior. Easily exploitable vulnerability allows high privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14591: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Audit Plug-in). Supported versions that are affected are 8.0.20 | |||
and prior. Easily exploitable vulnerability allows low privileged attacker | |||
with network access via multiple protocols to compromise MySQL Server. | |||
Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14568: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | |||
Supported versions that are affected are 8.0.20 and prior. Easily exploitable | |||
vulnerability allows high privileged attacker with network access via multiple | |||
protocols to compromise MySQL Server. Successful attacks of this vulnerability | |||
can result in unauthorized ability to cause a hang or frequently repeatable | |||
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability | |||
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14586: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: | |||
Server: Security: Privileges). Supported versions that are affected are | |||
8.0.20 and prior. Easily exploitable vulnerability allows high privileged | |||
attacker with network access via multiple protocols to compromise MySQL | |||
Server. Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14567: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Replication). Supported versions that are affected are 5.7.29 and prior and | |||
8.0.19 and prior. Easily exploitable vulnerability allows high privileged | |||
attacker with network access via multiple protocols to compromise MySQL | |||
Server. Successful attacks of this vulnerability can result in unauthorized | |||
ability to cause a hang or frequently repeatable crash (complete DOS) of | |||
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
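Review bot: the two records above, CVE-2020-14586 and CVE-2020-14567, are filed against dev-db/mysql-5.6.42 with AffectsVersions 5.6.42, but neither description names a 5.6 release. The first lists only 8.0.20 and prior as affected, the second 5.7.29 and prior and 8.0.19 and prior. As shown, the match appears to follow the package name rather than the affected version range, so the example output should either be filtered on that range or state that confirming the version is left to the person triaging the report. Both records also print `Ability to Exploit: _`; a line explaining what the placeholder means would keep readers from taking it as a score.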
Summary: | |||
------- | |||
CVE-2020-14559: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||
[07/15/2020] | |||
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: | |||
Information Schema). Supported versions that are affected are 5.6.48 and | |||
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability | |||
allows low privileged attacker with network access via multiple protocols | |||
to compromise MySQL Server. Successful attacks of this vulnerability can | |||
result in unauthorized read access to a subset of MySQL Server accessible | |||
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: | |||
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||
CatPkg: | |||
------ | |||
dev-db/mysql | |||
KitBranch: | |||
--------- | |||
core-server-kit/1.4-release | |||
labels: | |||
------ | |||
security | |||
AffectsVersions: | |||
--------------- | |||
5.6.42 | |||
Facts: | |||
----- | |||
https://security.netapp.com/advisory/ntap-20200717-0004/ | |||
https://usn.ubuntu.com/4441-1/ | |||
https://www.oracle.com/security-alerts/cpujul2020.html | |||
-------------------------------------------------------------------------------- | |||
-------------------------------------------------------------------------------- | |||
Summary: | |||
------- | |||
CVE-2020-14553: dev-db/mysql-5.6.42 | |||
Scores: | |||
------ | |||
Impact: 2.86 | |||
Ability to Exploit: _ | |||
Description: | |||
----------- | |||